The European Data Protection Commission published an assessment on 24 June 2020 after just over two years of implementation to the EU GDPR. The evaluation concludes that most of the objectives of the legislative reform have already been achieved. Citizens received more rights and opportunities to control the processing of their personal data. Still, there is a need to develop a uniform application of legislation and effective implementation.

The European Commission believes that the EU GDPR has increased the transparency and capacity of influenza citizens by processing their personal data in the digital age. Awareness-raising has to be encouraged so that more people can always exercise their rights, for example, ratify, delete and transfer their personal data.

The evaluation concludes that the Regulation is a flexible instrument in different situations, such as the development of new digital solutions during the coronavirus pandemic. Consistency in the implementation of the legislation has also increased during these two years, there is still fragmentation between member states. The European Commission will pay particular attention to the future to facilitate the implementation of SMEs.

Cooperation between data protection authorities grew.

The GDPR provided national data protection authorities with increased law enforcement powers. Because oversight is effective, public authorities need to provide sufficient resources to perform the functions.
The evaluation concludes that while control resources increased, significant differences remain between member states.

Data protection authorities are cooperating and addressing transnational issues using what is called a single information point.

However, the Commission believes that, in particular, cross-border case management required an even more effective and coherent approach.

Over the past two years, the Commission has intensified dialogue with third countries and promoted respect for privacy around the world. Because violation of privacy laws can affect a large number of people worldwide, it is necessary to strengthen international cooperation between data protection authorities.

International data transfer mechanisms will also be updated. The Commission is committed to developing secure data transfers together with the European Data Protection Committee.

This is the first time the Commission has referred to the evaluation of GDPR. In the future, the evaluation will be published every four years.

Harmonize data protection legislation on crime prevention and investigation

On 24 April, the Commission published a proposal for 15 June, the Commission also adopted a communication identifying 10 legislative texts which should be aligned with the Directive on the protection of personal data processed for law enforcement purposes. The acts relate to the processing of personal data of the competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA FINLANDIA