This title of this article might ruffle the feathers of all those who think emerging comparisons between Brussels and Moscow are somewhat “crossing the line”. Buckle up, as the following paragraphs will show you why such collations are by no means an exaggeration.

GDPR is the English acronym for an EU regulation that aims to address the question of private data protection in much more detail than ever before. It came into force on May 25, 2018, in all EU member countries, including Slovakia. But what exactly is it about? 

You do not need to have any previous knowledge of GDPR as all that suffices is typing the letters in your browser and you will soon have your own epiphany. In that very same moment you will be engulfed with business proposals. “Offering complete GDPR services.” “Deal with GDPR fast and cheap, template documentation available for just EUR 139.” “With us, you won´t have to worry about GDPR anymore.” “Software solutions to GDPR for small- and medium-sized companies.” “Step-by-step GDPR, for a discounted price of €599!”

It is clear from all these “ads” that GDPR equals to legislation that burdens entrepreneurs with yet another bulk of obligations. The concern is heightened for smaller businesses operating with limited personal capacities. Compliance with the new regulations in place means extra costs incurred from additional red tape.

GDPR Requirements

If you are an entrepreneur with several employees and your website or business presentations contain their photographs or phone numbers, from now on you will need their explicit consent for any such matters.

If you regularly send out newsletters, marketing text messages or catalogues to your customers, you will have to ask the addressee of such correspondence for their unreserved permission to process their contact information.

Ticking the box “I consent to the processing of my personal data” is not enough to constitute clear-cut, unrestricted authorisation. Valid consent must be concrete, explicit and informed, including obtaining information on the right to revoke any such acceptance at any time. If you are processing your customers´ personal data under an invalid agreement, you could face fines up to EUR 20 million.

Avoiding this risk would mean deleting all contact information registered in your database without the explicit approval of that individual. Alternatively, you would have to obtain brand new (and valid) consent.

Phenomenon of GDPR

And GDPR does not stop to fascinate here. Its phenomenon represents a rare instance when business regulations directly affect the non-business world. School directors and teachers are just one tiny group of the many distressed factions of society experiencing troublesome side effects from the new European medicine.

Today´s news is ripe with stories of notice-boards containing photos of past and present students. Their sheer existence is threatened by the lack of explicit assent from parents/pupils to the processing of their data. Publishing any personal information, be it the student´s name on the school´s website or their photo on the institution´s bulletin, now requires definite, individual consent. And not just that.

This agreement must be renewed every single year! Teachers who are already buried in the sea of administrative constraint are going to have to swallow another bitter pill of increased bureaucratic nagging. Most of it is, unsurprisingly, utterly senseless.

The above argument begs the question whether Brussels today is largely a mirror reflection of Moscow in the past. The Russian capital still stands tall a symbol of futile efforts to centrally direct an economy and integrate several distinct countries from midmost headquarters. From this vantage point, Brussels had gone even a step further. Its central bureaucracy strives for ludicrous micromanagement that falls short even of the comrades´ best practices.

GDPR is an example of absurdly detailed rules that carry the potential of stifling life if they were to be pedantically followed.

Translated by Edward Jozef Szekeres

Jan Oravec