The European Commission has published its assessment of the functioning and application of the General Data Protection Regulation. The Commission considers that the data protection regulation has worked effectively and increased people’s opportunities to manage their own data. In particular, the uniform application of legislation in EU countries and the support given to small operators still need to be developed. The commission makes an evaluation every four years.
Effective control measures and common European decision-making
Stakeholders, data protection authorities and EU countries agree that the General Data Protection Regulation has produced significant results despite some challenges. The common data protection regulation of the EU countries has been applied for six years now.
According to the Commission, the monitoring activities of data protection authorities have made organizations invest in data protection. Data protection authorities have initiated more than 20,000 self-initiated investigations and ordered a total of 6,680 fines throughout the EU. Several significant fines have been imposed on large multinational technology companies.
People are also increasingly aware of their data protection rights and use them diligently. European data protection authorities receive a total of more than 100,000 complaints from citizens each year.
In addition, data protection authorities cooperate even more in cases that cross national borders. In its previous evaluation of the data protection regulation, the Commission stated that it is necessary to improve the processing of cases affecting all people in the EU region. The EU is currently negotiating a regulation aimed at speeding up the resolution of cross-border cases.
The Commission also considers the fact that the requirements for international data transfers have been clarified and the tools for data transfer have been developed as significant progress.
Support for small operators must be increased, uniformity of interpretations must be ensured
In its report, the Commission also mentions development measures to achieve the goals of the data protection regulation. In particular, SMEs and other small operators must be better supported, for example with clear instructions. The strategy of the European Data Protection Board commits to drawing up guidelines for small operators.
In the application of data protection legislation, some fragmentation between EU countries has still been observed. The Commission states that in the coming years, the focus should be on further increasing the uniform interpretation of the data protection regulation. In addition, the uniform application of the EU’s new digital and data regulation requires effective cooperation between the authorities.
The Commission has compiled the report based on feedback received from stakeholders, data protection authorities of EU countries and the Council of Europe. The Commission gave its assessment of the EU General Data Protection Regulation for the second time. The Commission’s previous report was published in 2020, after two years of application of the Data Protection Regulation.