GDPR is not omnipotent – the Belgian Data Protection Authority published the litigation chamber’s decision of 21 February 2020 which emphasised a few issues.

The case investigated the dispute between two companies and a former employee. The situation showcases the lack of power GDPR exercises over organisations and the measurable extent to which the norms of data processing are violated.

The shift towards a reprimand has been observed due to low degree of importance of data communicated from one party to another or insufficient amount, though reprimand is necessary as a third party gets unauthorisedly involved or shared information isn’t equally accessible for both parties and gets exposed in such way and at the same time, despite how much sensitive it is, concerns and affects the case.

And the main problem which was highlighted is the non-existence of a mandate to punish oral sharing of personal data. If it is not on paper, if it is not digital, it is insubordinate to regulations.

It is unwise to rely on external regulations when it comes to the areas simply not covered by them, including GDPR. The integration of a monitoring software can detect suspicious behavior within a corporate perimeter or even anywhere near an endpoint if the software is installed on it.