European Commission Plans Review of GDPR to Ease Business Regulations

Since its implementation in 2018, the European Union’s General Data Protection Regulation (GDPR) has mandated that companies handle users’ personal data securely. However, the European Commission (EC) is reportedly preparing to review these regulations and may scale back some rules, potentially simplifying the business landscape for companies operating in Europe.

According to a report from Politico on Thursday, the EC plans to unveil a proposal aimed at revising and reducing GDPR requirements. While the report did not provide specific details on what changes will be made, this initiative aligns with a broader effort led by Commission President Ursula von der Leyen to reduce regulatory burdens.

In a related move in March, the EC also revised its environmental regulations, proposing to simplify rules that would exclude 80 percent of companies from the Corporate Sustainability Reporting Directive’s (CSRD) scope. “EU companies will benefit from streamlined rules on sustainable finance reporting, sustainability due diligence and taxonomy,” von der Leyen stated in a February press release. “And more simplification is on the way.”

Since the GDPR came into effect in 2016, it has sparked significant controversy. The regulation requires tech companies and other firms that collect user data to be transparent about how and why they handle personal information. Additionally, the GDPR mandates that companies provide consumers with options to address their data handling practices, a requirement that many businesses claim leads to cumbersome bureaucratic processes. Numerous companies, particularly in the telecommunications and banking sectors, have faced a barrage of complaints and fines for mishandling user data. The GDPR Enforcement Tracker monitors the latest penalties imposed on companies.

Despite the numerous complaints filed, the fines issued represent only a small fraction of the cases. A report from privacy advocacy group Noyb revealed that only 1.3 percent of cases brought before EU data protection authorities (DPAs) resulted in fines. This apparent lack of enforcement seems particularly pronounced in the area of data protection, and some fines and enforcement actions are not publicly disclosed.

By fLEXI tEAM