EU GDPR 2 year review published – What could this mean?

Today the European Commission has published the report of its review of the General Data Protection Regulation (GDPR). The aim of this review, scheduled two years after GDPR became law in 2018, is to consider its functionality in practice. The GDPR review is an opportunity for the European Commission to assess areas where GDPR is working well, and understand where the operational application may have raised issues that need to be addressed.

The report out today does not introduce any new legal changes to GDPR but its findings provide an indication of where the European Commission believe further action may be needed. This, in turn, will help ensure the values, principles and requirements of GDPR are being fully implemented.

Key findings of the review include:

  • Data protection authorities (DPAs) have not yet used the “full array” of GDPR tools to support cooperation between authorities
  • A more harmonised and efficient working arrangement between DPAs is needed on cross border cases.  The lack of staff and resources of some national data protection authorities is seen as a reason why closer cooperation between authorities has failed to fully emerge
  • There is a lack of “consistent approach and guidance” from various data protection authorities on issues such as cookies and the application of legitimate interest
  • Individuals are increasingly aware and using the increased data protection rights. 69% of Europeans having heard about GDPR and 60% aware of the law that allows them to access data help about them by public administration.
  • The right to data portability is “not used to its full potential”. However, the development of new technological tools to facilitate portability has been seen
  • The administrative burdens faced by SMEs for recording of processing activities is highlighted with the exemption in Article 30 seen as “very narrow”. The report highlights how the use of templates to support SMEs to meet their requirement should be used
  • GDPR has helped to address privacy issues raised by emerging technologies. This includes awareness around the important role guidance and sandboxes can play
  • Creation of a “Data Protection Academy” to increase international cooperation
  • The important role of the adequacy process and the ongoing talks with South Korea and the UK in line with the political declaration of the future relationship.
  • The importance of the European Data Protection Board developing criteria to approve certification mechanisms and codes of conduct.

In response to the publication of the GDPR report, Sue Daley, Associate Director of Tech and Innovation at techUK welcomed the report’s findings;

“In the two years since its introduction GDPR has provided businesses with clear, consistent and harmonised data protection rules which have helped the levels of data protection and security increase across industries and sectors. It also put in the hands of individuals tools to make real decisions about how their data is being used.   

techUK agrees with the Commission’s position that the GDPR’s risk-based, principle-driven, technology neutral approach provides a clear legal framework to explore data protection issues being raised by emerging technologies. However, what remains vital is that there continues to be consistency, clarity and certainty on how the rules and requirements of the GDPR are interpreted and applied by member states. The call for data protection authorities to be adequately resourced is also supported as this is key to ensuring regulators can support individuals and companies particularly given the data protection issues and questions being faced today"

  • Sue Daley

    Sue Daley

    Associate Director | Technology & Innovation
    T 020 7331 2055

Share this

FROM SOCIAL MEDIA

A thank you letter from @NHSX and @tara_donnelly1 to all the industry partners that have helped sustain and protect… https://t.co/1eoIZWCHaU
techUK is delighted to share an early insider's glimpse of @educationgovuk ambitious new programme to provide lapto… https://t.co/zrZezoVKUw
.@MicrosoftUK has committed to help 25 million people who have lost their job due to #COVID19 to reskill for roles… https://t.co/OMbuxDTGcS
ICYMI @MeVitae discussed how to ensure the hiring process is free of prejudice & latent bias with new technologies… https://t.co/PkINRjxvBK
Fewer frameworks and more ministerial muscle – how government can make good on its SME agenda - techUK's Head of Pu… https://t.co/YwATVtAIGT
We have an exciting line-up of speakers who will be sharing their insights on customer innovation and Open Banking… https://t.co/IUpE3DKMCd
Last chance to register for our Monday event on how AI can help us adapt to climate change. Awesome panel with our… https://t.co/gmPF7VyvE9
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...