The European Commission said that it has no current plans to amend the General Data Protection Regulation (GDPR) and will instead focus on its enforcement. This decision follows the July 2024 report on the GDPR’s application, which found serious enforcement issues.
The GDPR, adopted in 2016, establishes standards for handling personal data in the European Union (EU). The Commission is mandated to review the guidelines every four years to identify issues and possibly make changes.
The first report in 2020 also pointed out problems with the GDPR’s enforcement. When the 2024 report showed similar findings, tangible changes to the guidelines were expected. However, the Commission decided to prioritize enforcement over amendments. This move comes as the EU’s Artificial Intelligence (AI) Act entered into force in early August.
While left-leaning members of the European Parliament (MEPs) welcomed the decision, MEP Axel Voss argued that urgent action is needed. Voss said he supports revising and modernizing the GDPR to adapt to the rise of AI.
Although it did not lead to changes, the July report prompted the EU Council to agree on a position on GDPR enforcement rules.
The 2024 report’s findings
The July 2024 report pointed out that data protection authorities (DPAs), who enforce data protection laws across member states, don’t align regarding certain interpretations of the GDPR. It said that misalignment has resulted in inconsistencies in organizations’ compliance requirements.
Furthermore, the report said that data controllers, or the companies that manage personal data, are struggling to interpret and respond to access requests.
The report also found that small and medium-sized enterprises (SMEs) are having difficulties with compliance due to the varying levels of guidance and support from DPAs. Practical tools, templates, and clear-cut guidance were recommended to help with compliance.
In summary, the recent report highlighted glaring problems with the GDPR’s enforcement. The Commission’s decision to focus on enforcement should lead to stricter implementation of the GDPR.
For BPO providers and their clients, it is critical time to collaborate closely on GDPR compliance measures.
Read more Unity Communications and BPO news on our main page.
Council of the EU. (2024, June 13). Data protection: Council agrees position on GDPR enforcement rules. Retrieved from https://www.consilium.europa.eu/en/press/press-releases/2024/06/13/data-protection-council-agrees-position-on-gdpr-enforcement-rules/
Hartmann, T. (2024, August 8). European Commission opposes amending GDPR, focusing on enforcement instead. Euractiv. Retrieved from https://www.euractiv.com/section/data-privacy/news/european-commission-opposes-amending-gdpr-focusing-on-enforcement-instead/
Tar, J. (204, July 26). EU Commission’s GDPR review finds enforcement issues. Euractiv. Retrieved from https://www.euractiv.com/section/data-privacy/news/eu-commissions-gdpr-review-finds-enforcement-issues/
Voss, A. (n.d.). Press conference by Axel VOSS (EPP, DE), rapporteur on the presentation of JURI position on AI Act – Multimedia Centre. Multimedia Centre – European Parliament. Retrieved August 16, 2024, from https://multimedia.europarl.europa.eu/en/video/press-conference-by-axel-voss-epp-de-rapporteur-on-the-presentation-of-juri-position-on-ai-act_I222710