skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.
Global Search Configuration

Ovum view


After four years of negotiation of and amendments to the initial proposal issued by the European Commission in 2012, the new European General Data Protection Regulation (GDPR) is about to become a reality. It will replace a framework that dates back to 1995 and that is inevitably outdated for the digital age. However, practical implementation will be tricky in many respects and the new rules might not be as effective as is hoped. Businesses will have to deal with a framework oriented more to consumer protection, although they should be happy with the one-stop-shop principle, which could lead to significant compliance cost savings.

These rules might already be outdated for the IoT era

It has been a long time coming, but the new EU GDPR is finally set to see the light of day. It will still require a vote of the EU Parliament on the text agreed through negotiations between the European Commission, the European Council, and the EU Parliament itself, but Ovum expects the text to be adopted in the coming months. The vote will mean the passing of an unprecedented set of data protection rules – the first of the digital age, replacing a directive that is now 20 years old and was conceived when the Internet was in a very early stage of development. The old rules inevitably failed to capture the evolution in technology and user behavior and the new directive makes significant efforts to strengthen the protection of end users. These users are paying increasing attention to privacy issues and are ever more often worried about the personal data they share online.

Businesses will face much tougher sanctions than under the current framework – up to 4% of their annual worldwide turnover, which could in many cases amount to billions. However, they should be happy with the presence of the promised one-stop-shop mechanism. This should reduce the impact of compliance, because companies will mainly need to liaise with just one data protection authority for the whole EU.

However, many aspects of the new rules will be difficult to put into practice. One example is the issue of unambiguous consent. Policy-makers fail to define this clearly and it might be incredibly difficult to obtain in a few years’ time when IoT applications have become more widespread and originate an almost uncontrolled flow of personal data. Other aspects will still require individual authorities in each country to enforce the rules in detail, effectively retaining some of the inconsistencies of the current framework. For example, the age limit relating to parental consent for the use of “information society” services (i.e., social media and similar) will be set by each member state at between 13 and 16 years old. This is likely to be disruptive for both online companies and young users.


Further reading

Data Protection Tracker: 4Q15, TE0007-000955 (December 2015)

Current Status and Future Developments in Data Protection, TE0007-000812 (August 2014)


Luca Schiavoni, Senior Analyst, Regulation

Recommended Articles

  • Service Provider Markets, Consumer & Entertainment Services,...

    MWC 2018 Highlights

    By Ronan De Renesse 27 Feb 2018

    Over 20 of our senior Ovum analysts and consultants attended this year’s Mobile World Congress in Barcelona at the end of February. In between meetings, briefings and presentations, our analyst team were blogging and tweeting about key developments, trends and rumors. Have a look through our daily MWC 2018 Highlights to find out what happened.

    Topics 5G AI IoT Cloud Payments SDN/NFV Smart home

  • Internet of Things

    IoT Viewpoints 2018

    IoT Viewpoints explore the IoT opportunity in 2018 and beyond. Download our latest e-book to get our newest collection of thought leadership articles on the emerging IoT trends, technologies and opportunities.

    Topics IoT

  • Consumer & Entertainment Services

    US pay TV: Is it facing an existential threat?

    By Adam Thomas 28 Mar 2018

    With US pay TV having endured the worst year in its history, thoughts have inevitably turned to the future. The likelihood remains that the immediate future will remain highly uncomfortable for everyone except the scaled multinational digital platforms.


Have any questions? Speak to a Specialist

Europe, Middle East & Africa team - +44 (0) 207 017 7700

Asia-Pacific team - +61 (0)3 960 16700

US team - +1 646 957 8878

+44 (0) 207 551 9047 - Operational from 09.00 - 17.00 UK time

You can also contact your named/allocated Client Services Executive using their direct dial.
PR enquiries - Call us at +44 788 597 5160 or email us at

Contact marketing -

Already an Ovum client? Login to the Knowledge Center now