The GDPR is often lauded for its provisions that promote better privacy practices in the private sector. At the same time, the GDPR puts a greater onus on companies to be compliant. What are some of the drawbacks of the GDPR from an industry perspective? Are any aspects of the law overly burdensome or possible counterproductive? Does the GDPR do good job balancing privacy interests with commercial interests? Is there anything that you would change?

1. Adam Satariano , "GDPR, a New Privacy Law, Makes Europe World's Leading Tech Watchdog," The New York Times, May 24, 2018 2. General Data Protection Regulation (EU), 2016/679), Art. 3, 4, 5, 6, 15, 30, 32, 33, 34, 82. 83 3. Stephen P. Mulligan and Chris D. Linebaugh, "Data Protection Law: An Overview," Congressional Research Report, R45631 4. Example GDPR Enforcement Actions: United Kingdom Information Commissioner's Office Press Release, "ICO fines Marriott International, Inc. 18.4 million for failing to keep customers' information secure," October 30, 2020 Commission Nationale de L'Informatique et des Liberts Press Release, "The CNIL's restricted committee imposes a financial penalty of 50 million euros against Google LLC," January 21, 2019 French Highest Administrative Court Upholds 50 Million Euro Fine against Google for Alleged GDPR Violations," June 23, 2020 5. Catherine Barrett, "Emerging Trends from the First Year of EU GDPR Enforcement," American Bar Association SciTech Lawyer, February 28, 2020