EU News
Printable version

Two years of the GDPR: Questions and answers

What are the main conclusions of the report?

  • Two years after its entry into application, the GDPR has been an overall success, meeting many of the expectations, even if a number of areas for future improvement have also been identified.
  • Like most stakeholders and data protection authorities, the Commission is also of the view that it would be premature to draw definite conclusions as to the application of the GDPR and to provide for proposals for its revision.
  • It is likely that most of the issues identified by Member States and stakeholders will benefit from more experience in the application of the Regulation in the coming years.
  • Increasing global convergence around principles that are shared by the GDPR offers new opportunities to facilitate safe data flows, to the benefit of citizens and businesses alike.

 What improvements has the GDPR brought?

  • Citizens are more empowered and aware of their rights. The GDPR enhances transparency and gives individuals enforceable rights, such as the right of access, rectification, erasure, the right to object and the right to data portability. Individuals also have the right to lodge a complaint with a data protection authority and to seek an effective judicial remedy. Today 69% of the population above the age of 16 in the EU have heard about the GDPR and 71% of people heard about their national data protection authority, according to results published in a survey from the EU Fundamental Rights Agency. The GDPR has empowered individuals to play a more active role on what is happening with their data in the digital transition. It is also contributing to fostering trust-worthy innovation, notably through a risk-based approach and principles such as data protection by design and by default.
  • Businesses, including SMEs, now have just one set of rules to which to adhere. The GDPR also creates a level playing field with companies not established in the EU but operating here. By establishing a harmonised framework for the protection of personal data, the GDPR ensures that all businesses in the internal market are bound by the same rules and benefit from the same opportunities, regardless of whether they are established and where the processing takes place. In addition, privacy has become a competitive quality that customers are increasingly taking into consideration when choosing their services. For SMEs, the implementation of the right to data portability has the potential to lower the barriers to entry to data protection friendly services. Compliance with the data protection rules and their transparent application will create trust between business and consumers when it comes to the use of their personal data.

How is the GDPR being applied to new technologies?

The GDPR is an essential and flexible tool to ensure the development of new technologies in accordance with fundamental rights. The implementation of the core principles of the GDPR is particularly crucial for data intensive processing. The risk based and technology neutral approach of the Regulation provides a level of data protection, which is adequate to the risk of the processing also by emerging technologies.

The GDPR's technologically-neutral and future-proof approach was put to the test during the COVID-19 pandemic and has proven to be successful. Its principles based rules supported the development of tools to combat and monitor the spread of the virus.

The future proof and risk-based approach of the GDPR will also be applied in the future EU framework for Artificial Intelligence and in the implementation of the European Data Strategy. The Data strategy aims at fostering data availability and at the creation of Common European Data Spaces.

Click here for the full press release


Original article link:

Share this article

Latest News from
EU News

COVID-19 Response: Navigating the Pandemic in Government