European Commission Reviews GDPR After Two Years

The General Data Protection Regulation (GDPR), which was introduced in 2018, was the biggest shake-up of data privacy in 20 years.

On 24 June, the European Commission published an eagerly awaited report to mark the second anniversary of GDPR, stating that it “has met most of its objectives, in particular by offering citizens a strong set of enforceable rights and by creating a new European system of governance and enforcement.”

The report says that GDPR had proved to be flexible to support digital solutions in the event of unforeseen circumstances, such as COVID-19, but it should not be abused to curtail press freedom.

The two-year review is on the whole favourable, claiming that citizens are now more empowered and aware of their data rights. According to the report, 69 per cent of EU citizens over 16 have heard about GDPR, and 71 per cent have heard about their national data protection authority.

There is also evidence that data protection authorities are making use of their stronger corrective powers, seeing a 42 per cent increase in staff, and a 49 per cent increase in budgets for all national data protection authorities in the EU. The report does add that while the authorities are working closely together, there is still room for improvement.

German Green Party MEP Alexandra Geese said of the report: “The rules for the protection of our personal data have proven to be a global gold standard and are an indispensable basis for a fundamental rights-based development of future technologies such as artificial intelligence or a strategy for pooling health data.”

She added that she welcomed the report stating there was room for improvement, but that GDPR must be applied evenly: “We call for strong and consistent action here. It is unacceptable that the local football club has to follow the rules meticulously, while the giants of the net are often off the hook.”

Agenda are certified to ISO27001 (Information Security Management) and BS10012 (Personal Information Management) standards, amongst others, and are one of the first organisations to achieve the privacy extension ISO 22701:2019. For any consultancy or screening related questions, get in touch with us today.

Our Team