On June 24, 2020, a little over two years after the entry into application of the General Data Protection Regulation (GDPR), the European Commission has issued an evaluation report on its effectiveness. As a recap, the GDPR is the legislation which governs the processing of personal data across the EU, having Spill-over effects in the entire world. Its goals include strengthening the rights of individuals with regards to their personal data, increasing transparency and creating a level playing field for all companies operating on the EU market, irrespective of where they are established. The report concludes the GDPR has achieved most of its objectives, but also outlines what steps are needed to further promote its application.
The key findings of the report can be summarized as such:
- The GDPR has brought more empowerment and awareness to individuals regarding their rights. The report nevertheless mentions that there is space for improvement when talking about data portability, which allows individuals to have their data transferred from one company/organization to another under certain circumstances. The right requires companies to coordinate and cooperate, which can be problematic;
- The rules enshrined in the GDPR are fit for the digital age and promote trustworthy innovation, or example through the principle of data protection by design and by default;
- Data protection authorities are using their stronger corrective powers to enforce the GDPR rules through, among others, warnings and fines. However, the report underlines that the authorities need to be supported with human, technological and financial resources. Despite an overall increase of budgetary and staff allocations, there are still differences between the Member States;
- The European Data Protection Board (EDPB) is issuing guidance documents, some of which specifically targeted at small and micro-enterprises;
- The European Commission is working on approving countries or regions as providing adequate protection, thus enabling easy international data transfers. The current list can be found here. Additionally, the Commission and the EDPB are working on improving or clarifying the remaining international transfer tools, such as the Standard Contractual Clauses, codes of conduct and certification;
- The Commission is also engaging in an international dialogue, “fostering a global culture of respect for privacy and convergence between different privacy systems to the benefit of citizens and businesses alike”.
By outlining all the improvements brought by the GDPR, this report is a powerful tool to show stakeholders, companies and individuals that data protection rules can balance between rights, business development and technological innovation.
DPM Legal Department
If you are interested in more information about the GDPR, contact us now and our Consultants will be pleased to help you out!