European Commission publishes new report on the impact of the EU data protection rules


The European Commission published on 24 July a Report looking at the impact of the EU data protection rules, and how implementation can be improved further. Ecommerce Europe and its members have been already contributing to the discussions around the application of the General Data  Protection Regulation (GDPR) via the European Commission’s Multi-stakeholder Expert Group on this matter, which published a report in June 2019.

The report published on 24 July concludes that most Member States with the exception of Greece, Portugal and Slovenia, have set up the necessary legal framework and updated their national data protection laws in line with the GDPR. The Commission keeps monitoring EU countries to ensure that when they adapt national laws, alignment with the Regulation is ensured and any “gold-plating” is avoided. If needed, the Commission stands ready to use the power at its disposal, including infringements, to ensure that Member States properly apply the new data protection rules.

The report also stresses that businesses are adapting their practices, as compliance with the GDPR seems to have helped companies increase the security of their data and develop privacy as a competitive advantage. The Commission will support the GDPR toolbox for businesses to facilitate compliance, such as standard contractual clauses, codes of conduct and new certification mechanism. Furthermore, the Commission will keep supporting SMEs, for which complying with the new rules can be difficult, given the limited resources they have.

 The GDPR has clearly given national data protection authorities (DPAs) more powers to enforce the rules. The report highlights that during the first year, national DPAs have made use of these new powers effectively when necessary. DPAs are also cooperating more closely within the EDPB, the European Data Protection Board while the Commission is encouraging DPAs to put together their efforts, for instance by conducting joint inquiries.

In line with the GDPR, the European Commission will have to report on the implementation of the Regulation in 2020, to assess the progress made after two years of application. Ecommerce Europe and its members will continue to be actively involved in the discussion, also via the Expert Group of the European Commission.