Is it time to re-evaluate the effectiveness of GDPR?

Since the passing of the European General Data Protection Regulation (GDPR) two years ago, you will certainly have noticed the incessant assault of pop-ups on every web page you view asking after your personal data preferences. Although a source of irritation while scrolling through websites online, something that the lockdown has undoubtedly brought to the fore, it serves as a useful reminder that we should all think more carefully about who we grant permission to use or view our data.

As nations across the world have been vehemently tracking the spread of the current pandemic, the conversation around privacy has inevitably taken centre stage. For example, Brave has suggested that too many business are flouting the regulation without incurring fines, meanwhile others are pushing for laws to be relaxed further to allow companies to utilise personal data to fight the pandemic. With more of the population working from home than ever before, there is inevitable increased data risk, meaning that the conversation around GDPR has never been more pertinent. Regulators have been issuing guidance on the legality of new technology used for COVID-19 contact tracing, suggesting it's time to ask if the rules around GDPR should be changed and if it has actually been at all effective over the last two years?