The GDPR has become a powerful example of the so-called Brussels effect, inspiring similar privacy-protecting laws in numerous jurisdictions and highlighting widespread unease among consumers about companies “watching” their behaviour and targeting ads.

Adopted in 2016, the GDPR was a watershed moment in global tech regulation, forcing companies to abide by new standards, such as asking for consent to collect people’s data online against threats of hefty fines. These infringements could result in a fine of up to €20 million or 4% of the company’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

In practice, the determination of national data protection authorities to issue fines is tied to their resources, which in most cases, are limited. The Irish Data Protection Authority plays a crucial role under the so-called “one-stop shop” rule. This one-stop shop for organizations established in the European Union and carrying out cross-border processing of personal data allows your organization to deal with a single lead supervisory authority for most of your processing activities.

This rule hugely implicates Ireland because technology companies like Meta, Google, and Apple have established their European headquarters there. Under the GDPR, technology companies are supervised by the national regulator of the EU country where they are headquartered. The Irish Data Protection Commissioner is crucial in enforcing the EU’s General Data Protection Regulation. In recent months, the Irish authority has imposed significant multi-million-euro fines for GDPR violations by Meta, the parent company of Instagram and Facebook.

Last year, European data protection authorities pledged to strengthen their cooperation in handling cases of strategic importance. In October, the European Data Protection Committee sent the Commission a “wish list” of procedural law changes to improve the application of the regulation. These include setting deadlines for the different procedural steps in handling a case and harmonizing the rights of the various parties involved in investigations throughout the EU.

A new EU regulation wants to establish clear procedural rules for national data protection authorities dealing with cross-border investigations and breaches. According to the European Commission, the law will “harmonize certain aspects of administrative procedure” in cross-border cases and “support the smooth functioning of the GDPR’s cooperation and dispute resolution mechanisms.”

Key elements of the initiative include:

MyData-TRUST was created over five years ago to assist organizations in the healthcare sector with their compliance with the various international regulations on personal data protection, particularly the General Data Protection Regulation (GDPR).

MyData-TRUST helps organizations define strategies and procedures to properly manage their data (data governance) through various adaptable services, including Gap analysis, legal support, DPO and DPR subscriptions, or training options.