Normally the private sector tends to respond to change far faster than the public sector. This is because it is bottom line oriented, has an impatient electorate in the form of shareholders who can vote by disinvesting at any moment. Moreover, they know that certain kinds of failure can result in reputational damage or personally punitive legal action.
It is therefore surprising in a region where many companies depend on the internet to market and transact business, how slow they have been to recognise and respond to new European data legislation governing how they handle the information they hold on EU citizens.
On May 25 a European Union law, the European Union General Data Protection Regulation (GDPR), came into force. The two-year-old regulation provides advanced levels of protection to EU citizens in relation to the personal data that any company anywhere might hold on individuals.