Norm Pyramid Using European Law as an Example

suchona.kani.z · Post by **suchona.kani.z** » Sat Jan 25, 2025 7:13 am

EU law, our constitution and other laws are legally binding, which means that if you break this law, you will be punished. The exact measures that need to be taken to comply with these laws are not specified by law, but are developed when a new law is passed, among other things, through the development of norms and standards. Norms and standards are set by private organisations and set quality benchmarks. They are not necessarily legally binding like laws, but they do represent the state of the art and are therefore a metric for quality measures. Such quality measures can in turn result in feedback to legislation and sharpen legal texts. We would like to highlight the development of light bulbs as a striking example. By standardising and deriving efficiency measures, quality differences could be made measurable. This not only resulted in an increase in quality among manufacturers, but ultimately also led to the specific legal exclusion of inefficient, environmentally unfriendly light sources.

In the following graphic we have created an example for this specific blog post. In the rest of the article we will only deal with the developments of the legally binding standards.

Let’s take a look back and consider a very special law that most of us latvia consumer email list should have heard of before: the General Data Protection Regulation, or GDPR for short.

What can we learn from ten years of GDPR?
The General Data Protection Regulation, or GDPR for short, was introduced by the European Commission more than ten years ago, on January 25, 2012. There were now four years until the regulation came into force in May 2016. Four years in which most companies had to overhaul their self-image when dealing with personal data and implement the legal requirements. Four years in which one often read about a brake on innovation, overregulation and a lack of competitiveness in international comparison. With high penalties looming and no experience in the (especially judicial) interpretation of the GDPR, it was surprising that many companies in a wide variety of industries were mostly hesitant. In addition to experience, many things were certainly lacking at that time: software (whether tools or routines), legally secure wording (whether in contracts or in the imprint), roles, processes or control bodies.

Today, at the beginning of 2023, we have long since closed these gaps and gained security and the knowledge that the GDPR is actually being monitored. We know quite precisely how we as a company (have to) make our homepage GDPR-compliant and which (pre-made) forms we as consumers have to send to a company to find out whether it has stored data about us and for what purpose.