“It’s necessary to do not forget that the GDPR acknowledged the appropriate to knowledge portability. Nonetheless, in apply, it has been one of the crucial underutilized rights, not because of an absence of curiosity from customers, however as a result of the Regulation itself left the underlying technical drawback unresolved: in what format precisely? with what requirements? by which interfaces? Now, because the Data Safety Act got here into power in September 2025, portability has grow to be a design obligation for corporations providing digital providers, because it requires that entry to and transmission of private knowledge to different corporations be technically possible,” he says.
Not forgetting a subject that’s each “very Spanish and really European,” as García del Poyo defines it, which is the proportionality within the necessities of the rule.
“If the European digital regulatory framework turns into more and more dense, overlaps with new guidelines, and we fail to simplify among the imposed obligations — for instance, these that may be labeled as low-risk or particularly geared toward SMEs — we threat compliance changing into a luxurious for big organizations slightly than an efficient normal of safety for residents,” he explains. “I consider that the success of the European digital financial mannequin — whose knowledge safety foundations had been established within the GDPR 10 years in the past — can be measured each by the effectiveness of defending rights and by its means to create a safe and favorable atmosphere for enterprise growth.”
Trying to the long run
Challenges, dangers, the necessity for evolution — we’re about to expertise some thrilling years forward. However how? What can we count on by way of knowledge safety? As a result of the technological challenges are actual, and the GDPR must adapt to the brand new actuality.
“The very first thing we’ve to remember is that we’ve already moved from knowledge administration to knowledge governance, and that that is accomplished inside a framework of compliance with basic rights,” Recio says.
In keeping with Recio, it’s essential to strengthen the position of knowledge safety professionals, which he describes as “important” and which “have to be valued and promoted by corporations in the event that they wish to obtain compliance that minimizes the chance of sanctions.”
“And thirdly,” Recio provides, “the necessity to adapt the GDPR to technological evolution itself, thus stopping conditions of uncertainty from arising or doubtlessly arising. The secret’s the rules that may be utilized to new situations and technological developments.”
