Two years after its introduction, the European Commission last week published an evaluation report on the General Data Protection Regulation (GDPR).
This comprehensive report sets out the impact of the regulation, which is designed to provide individuals with the right to control the processing and movement of their own personal data.
Overall, the review finds that people are more empowered and aware of their rights since the implementation of the GDPR, although it also acknowledges that there is work still to do. Key findings include:
- The rules on data protection are fit for the digital age
- Data protection authorities are making use of their stronger corrective powers
- Data protection authorities are working together in the context of the European Data Protection Board (EDPB)
- Data protection authorities are issuing advice and guidelines on key aspects of the regulation and emerging topics
- Harnessing the full potential of international data transfers is yielding some significant results
- Promoting international cooperation is ongoing, fostering a more global culture of respect for privacy
The Commission has also published a communication setting out how it plans to align EU law with the Law Enforcement Directive. This alignment will clarify issues such as the purposes of personal data processing by competent authorities, and what types of data may be subject to such processing.
The Commission will now publish an evaluation and review of the GDPR every four years. You can read the full report here.