Since May 25, 2018, the General Data Protection Regulation (GDPR) has become binding law in all EU (and little later in all EEA) member states – a crucial and correct step. Data protection symbolizes trust and has become a competitive advantage for many businesses. In light of the upcoming second evaluation of the GDPR in 2024, this paper by the European Federation of Data Protection Officers (EFDPO) highlights how, from the perspective of data protection practitioners, the business sector – particularly small and medium-sized enterprises (SMEs) – can be better supported in meeting data protection requirements within the context of increasing digitization.
We are aware that any opening up of an important regulation such as the GDPR is unlikely at this time. Nevertheless, we believe that several points that could be modified or added to the GDPR should be considered in the current evaluation or in the future.
The position paper is available here.