As GDPR Looms, Some EU States are Already Ahead of The Curve

As the Cambridge Analytica scandal continues to unravel, so digital businesses across the world are being forced to take a fresh look at their data privacy and security practices in a bid to reassure customers and to protect their interests.

It’s not just about the Facebook debacle, nor a response to figures that suggest public trust in social platforms is tanking, but in order to comply with one of the biggest regulatory undertakings in recent years – GDPR.


The imminent introduction of the EU’s General Data Protection Regulation (GDPR) will introduce the most comprehensive set of rules on the collection and use of consumer data in the world to date. From 25 May 2018, any company marketing to customers in the EU – whether or not they are located in the bloc – will have to abide by the regulations or face a robust response.

GDPR leading the way in Europe and beyond?

GDPR could become a model for global data compliance, not least because many companies serve clients in the EU and will have to implement the digital privacy regulations, regardless. A penitent Mark Zuckerberg has already suggested that Facebook may look to ‘extend the same (EU) protections’ to Americans, with others surely following his lead.

It’s certainly an appropriate time for governments to consider offering consumers greater rights over the use of their own personal information by developing more comprehensive legal protections from companies who are profiting from its exploitation.

GDPR not only recognises that citizens ‘own’ their personal data, but it requires any company collecting that data to demonstrate transparency in how they harvest, store, use and share it, as well as giving individuals the right to query, examine and withdraw consent for its use at any time. And, with potential penalties rising to a peak of €20 million (or 4% of a company’s worldwide revenue), it’s a regulation that could bite hard.

EU taking a pioneering approach to privacy legislation

It’s fair to say that the EU has always taken a more robust approach to privacy than other countries, including the US. Although it still leads the world in digital technology, America is in many ways behind the curve when faced with enacting pro-consumer regulations.

Most importantly, the US lacks the legislative framework to regulate organisations’ use and misuse of customer data – something that European regulators have been finessing for more than two decades. Stateside, privacy regulation operates patchily, with different rules applicable to a variety of industries, and little or no commonality.

Contrast that to Germany, where a total of 16 separate bodies oversee data protection practices – an approach that actively encourages companies to toe the line. Germany’s justice minister Katarina Barley took the fight for privacy to Facebook’s door recently when she wrote asking for an internal review of the organisation’s ‘control and sanction’ mechanism to ensure that third-party developers would be prevented from misusing Facebook data and recommending stricter penalties for non-compliance.

Digital nomad working in a virtual office

Harnessing the digital economy in Malta

A tiny island in the Mediterranean is also breaking the digital mould by focusing on creating a world-leading online gaming model, at the same time exploring the opportunities presented by blockchain technologies and embracing the potential of cryptocurrencies.

Thanks in large part to its dominance in the provision of gambling and betting services which has, in turn, been boosted by the exponential growth of online gaming, Malta’s economy is booming. According to a recent blog by the IMF, because the Malta Gaming Authority (MGA) was the first to regulate the online gaming industry in 2004 and to assign licenses to multiple firms, it now has a strong advantage over the rest of the EU – with the gaming industry accounting for almost 12% of total gross value added in 2016.

And with signs of a new emerging sector on the horizon, Malta also aims to become an economic force in the crypto-economy. The Maltese government has commissioned a study on cryptocurrencies with a view to creating a regulatory framework for blockchain technology to govern the use of cryptocurrencies in the remote gaming sector.

Estonia – a nation of digital nomads

Post-Soviet Estonia is also rewriting the rules of digital engagement, as it embraces a future of work and citizenship that is nothing short of revolutionary.

Estonia has a thriving start-up ecosystem and is one of the founding members of the ‘Digital 5’ (alongside New Zealand, Israel, South Korea and the UK) that are leading the world in strengthening the digital economy. Even if it only boasts 1.4 million citizens, 99 percent of Estonia’s state services are online. Estonia’s progress in e-governance, as well as its formulation of digital policies, and national cryptocurrencies have made it one of the most forward-thinking countries in the world.

Estonia is also looking at new ways of boosting its tech sector via a ‘digital nomad visa’ that will allow non-residents to work and travel in the country for 365 days, with the right to travel in Europe’s Schengen Area for up to three months.

The US is playing catch-up

GDPR may seem like a timely intervention in the wake of Cambridge Analytica, but it’s been in the pipeline for several years. By levelling the playing field, the regulation is creating an opportunity for companies to compete on the basis on privacy – a key differentiator that opens up new market opportunities for those placing consumer interests at the heart of their business.

Indeed, as the stream of emails flooding into our mailboxes shows, the looming debut of GDPR is forcing businesses to reassess their data-gathering practices. But unless the whole world follows suit – the U.S. especially – enforcing compliance of digital actors will remain a wholly European affair.