There are still question marks around the GDPR. What are they?

Even though GDPR is imminent, there is still a lot of confusion. The GDPR is too general, difficult to apply to different industries, lacks examples and also, for example, guidance on fines. Three weeks before the General Data Protection Regulation comes into force, these are the topics around which there is still no clarity.


The European Union's new General Data Protection Regulation will come into force this month. However, three weeks before then, there is still uncertainty around some topics. Which points of the GDPR raise the most questions and confusion?

Overly general regulation

By its very name, the European Union's General Data Protection Regulation is too general. Some requirements are difficult to understand and implement correctly.

Many IT directors and managers are unsure of their responsibilities for data handling compliance. Nor is it very clear what all actually falls under the scope of GDPR.

Hard to apply to different industries

The new rules are largely aimed at internet search engines and social network operators. Institutions in other industries (such as insurance or banking) are finding that the new requirements do not "fit" their operations.

Abstract of examples

The aforementioned generality of the GDPR is also linked to cmissing examples from practice. Some provisions will require further interpretation or clarification. However, these will probably only be forthcoming from supervisory authorities or the courts.

The general regulation thus basically defines who and what, but does not answer the question of how. "It is clear from the outset that the GDPR prescribes what to protect, sets out rights, defines terms well, but does not actually say how.

Missing guidance on fines

The GDPR does not provide any guidance on setting fines. While there are various materials and methodologies, there is no implementing decree. In practice, each country will set fines in its own way. This could lead to difficulties in the event of international disputes.

Have you also encountered any ambiguity in the run-up to the GDPR coming into force? We are reviewing the problematic passages of the General Regulation, so please do not hesitate to contact us if you need help.