On 11 June 2024 a report was issued detailing the experience of a group of expert stakeholders, including businesses, civil societies and individual professionals and academics, in relation to the GDPR.
The report identified several positive developments since the entry into force of the regulation, including an increase in data protection compliance and awareness of the rules and the fact individuals had greater control over their personal data as a result of the enhancement of their data subject rights.
Some participants noted that the GDPR is setting a global standard and that other regions in the world are increasingly adopting similar models, leading to a harmonisation of data protection standards.
It was recognised that small and medium sized enterprises have significantly invested in GDPR compliance. It was also recognised that the GDPR had had a role in harmonising rules on data protection across Europe.
On the other hand, the report identified various challenges which remain in relation to the application of the GDPR. Some stakeholders raised the issue of inconsistencies in the interpretation of the GDPR by data protection authorities, which leads to legal uncertainties. Several members raised difficulties with specific provisions of the GDPR, for example data minimisation, storage limitation and the use of codes of conduct and certifications. Conflicts between the GDPR and other regulations were also acknowledged as a challenge. In terms of international transfers some members asked for the rapid adoption of standard contractual clauses for data transfers to controllers and processors outside of the EU whose processing is subject to the GDPR.
It was also identified that the EDPB guidelines could be difficult to interpret and enforcement was another area which raised concerns, especially in cross-border cases.
The full report can be found here.