EC publishes two year GDPR evaluation

European Commission (EC) has issued its first communication of the two years application of the General Data Protection Regulation (GDPR) to the European Parliament and the Council of European Union. 

It is the first evaluation and review of the GDPR, with specific reference (according to Art. 97(2) of GDPR) to the application and functioning of the rules on the transfer of personal data to third countries and international organisations, as well as of the rules on cooperation and consistency. 

EC highlights the role of GDPR as the standard-setter for regulation of digital economy and it has successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU.

The Communication pointed out the degree of fragmentation and divergent approaches to the implementation of GDPR on national levels and addressed the enforcement of the GDPR, opportunities for small and medium-sized enterprises, and the implications of the relationship between the GDPR and new technologies.

The Communication states that it will report separately on evaluation of adequacy standards of personal data standards to third countries and international organisations, given that the Court of Justice in a judgment to be delivered on 16 July 2020 (Schrems II case) may provide clarifications.