Yesterday, the chair of the European Data Protection Board ("EDPB") published a statement on the second anniversary of the GDPR coming into force.
Although the use of personal data in response to COVID-19 has been a key topic recently, it isn't the only one on the EDPB's radar.
The European Commission will soon publish its review of GDPR implementation, covering international data transfers, which the EDPB has contributed to.
Importantly, in the EDPB's view it is too soon to consider revising the GDPR, which is welcome news for many organisations.
Looking forward, the key challenges from the EDPB's perspective include:
1. resourcing for data protection authorities - resolving cross border cases requires significant time and resources and in the EDPB's view national governments need to fund data protection authorities appropriately;
2. different national administrative procedural rules - differences in national laws in terms of administrative procedures and practices can create issues, and the EDPB is committed to finding a solution to these challenges.
GDPR 2 Years On - What's Happened and What's Ahead?
If you would like more information on the key data protection developments since the GDPR came into force (as well as what to expect going forward), please see our article here which provides a summary both at an EU level but also specific developments in the UK, France, Germany, Spain, Italy, Belgium, Netherlands, Sweden and Poland.
What has become clear to us regulators during this time, is that the resolution of cross-border cases is time and resource intensive. It is therefore of utmost importance that national governments fund their regulators appropriately. The effective application of the powers and tasks attributed by the GDPR to SAs is largely dependent on the resources available to them. Another challenge are the differences in national administrative procedural laws and practices. We are committed finding solutions to overcome these challenges, where these issues lie within our competence. In the meantime, it is in our view too soon to consider revising the GDPR. The General Data Protection Regulation is a long-term project and so is developing a solid data protection culture throughout Europe, built on the GDPR and the trust of individuals. Happy GDPR Anniversary!