EU GDPR 2 year review published – What could this mean?
Sue Daley, Associate Director of Technology and Innovation at techUK responds to the European Commission's two year review of the General Data Protection Regulation...
The European Commission yesterday published the report of its review of the General Data Protection Regulation (GDPR). The aim of this review, scheduled two years after GDPR became law in 2018, is to consider its functionality in practice. The GDPR review is an opportunity for the European Commission to assess areas where GDPR is working well, and understand where the operational application may have raised issues that need to be addressed.
The report out yesterday does not introduce any new legal changes to GDPR but its findings provide an indication of where the European Commission believe further action may be needed. This, in turn, will help ensure the values, principles and requirements of GDPR are being fully implemented.
Key findings of the review include:
- Data protection authorities (DPAs) have not yet used the “full array” of GDPR tools to support cooperation between authorities
- A more harmonised and efficient working arrangement between DPAs is needed on cross border cases. The lack of staff and resources of some national data protection authorities is seen as a reason why closer cooperation between authorities has failed to fully emerge
- There is a lack of “consistent approach and guidance” from various data protection authorities on issues such as cookies and the application of legitimate interest
- Individuals are increasingly aware and using the increased data protection rights. 69% of Europeans having heard about GDPR and 60% aware of the law that allows them to access data help about them by public administration.
- The right to data portability is “not used to its full potential”. However, the development of new technological tools to facilitate portability has been seen
- The administrative burdens faced by SMEs for recording of processing activities is highlighted with the exemption in Article 30 seen as “very narrow”. The report highlights how the use of templates to support SMEs to meet their requirement should be used
- GDPR has helped to address privacy issues raised by emerging technologies. This includes awareness around the important role guidance and sandboxes can play
- Creation of a “Data Protection Academy” to increase international cooperation
- The important role of the adequacy process and the ongoing talks with South Korea and the UK in line with the political declaration of the future relationship.
- The importance of the European Data Protection Board developing criteria to approve certification mechanisms and codes of conduct.
In response to the publication of the GDPR report, Sue Daley, Associate Director of Tech and Innovation at techUK welcomed the report’s findings;
“In the two years since its introduction GDPR has provided businesses with clear, consistent and harmonised data protection rules which have helped the levels of data protection and security increase across industries and sectors. It also put in the hands of individuals tools to make real decisions about how their data is being used.
techUK agrees with the Commission’s position that the GDPR’s risk-based, principle-driven, technology neutral approach provides a clear legal framework to explore data protection issues being raised by emerging technologies. However, what remains vital is that there continues to be consistency, clarity and certainty on how the rules and requirements of the GDPR are interpreted and applied by member states. The call for data protection authorities to be adequately resourced is also supported as this is key to ensuring regulators can support individuals and companies particularly given the data protection issues and questions being faced today"
Latest News from
The Government's R&D roadmap sets high ambitions for UK science02/07/2020 14:25:00
The roadmap sets out the Government's vision to make the UK a global science and R&D superpower.
WITSA Awards | Extended Deadline & New COVID-related Award Categories02/07/2020 11:25:00
Applications are still open! Due to COVID-19 situation, the WITSA Global ICT Excellence Awards have now for the first time been moved into virtual space – with extended...
Data centres eligible for funding under IETF02/07/2020 09:33:00
Government explicitly includes data centres in the scope of the Industrial Energy Transformation Fund.
Matt Pullen from CyrusOne joins Data Centre Council01/07/2020 17:02:00
The UK Council of Data Centre Operators has recently appointed Matt Pullen to help the group in its work setting strategic direction for activity.
Tech Partnership Degrees to join forces with techUK01/07/2020 16:25:00
Tech Partnership Degrees is to join forces with techUK as part of a strategy to accelerate the impact of employers acting collaboratively on UK digital skills.
Prime Minister Boris Johnson makes speech on Economic Recovery01/07/2020 11:25:00
The Prime Minister in a speech in the West Midlands, yesterday set out a roadmap to economic recovery post-COVID.
Building the Future We Need: West Midlands Digital Dialogue30/06/2020 11:25:00
techUK is hosting the second in a series of conversations across the UK to understand the local impact of COVID-19 and to think forward to the economic recovery that we...
Ofcom consultations: copper retirement and WT Act licence charges26/06/2020 11:25:00
Ofcom welcomes views on determining when copper regulation can be removed, and proposals to make the WT Act (Licence Charges) Regulations 2020.