The European Commission found serious enforcement issues with the General Data Protection Regulation (GDPR) and called for clearer guidelines to strengthen data protection across member states in a report published on Thursday (25 July).
This is the Commission’s second report on the application of the EU’s GDPR, a landmark data protection regulation that governs how personal data is handled in the European Union.
The regulation, in force since 2018, required that every four years, starting from 2020, the Commission should publish reviews of the GDPR to identify any issues, possibly leading to amendments to the regulation. The first one was published two years ago.
The new study revealed enforcement issues and the need for improved compliance and data protection across the EU.
This year’s study could lead to some tangible changes to the regulation but it is unclear how substantial these will be.
“There is no appetite for a complete legislative overhaul, so options range from developing new regulators’ guidance to targeted or ancillary legislative changes,” said Isabelle Roccia, managing director for Europe at the International Association of Privacy Professionals.
“The Civil Liberties Committee will now have an EPP Chair and industry may see an opportunity for an industry-friendly refresh of parts of the GDPR without poking the bear,” she said.
Maryant Fernández Pérez, head of digital policy at the European Consumer Organisation (BEUC), an umbrella organisation representing the interests of national consumer organisations across Europe, warned that “the GDPR is constrained by often slow and ineffective enforcement, particularly in the major cross-border cases”.
Already in April, members of the European Parliament voted on amendments to the GDPR Enforcement Procedures Regulation to strengthen enforcement. Stakeholders urged further improvements, particularly regarding complainants’ rights and cross-border matters.