GDPR one year in – working well, but care needed on burdens for SMEs

Speaking after the European Commission today published its report on the first year of implementation of General Data Protection Regulation (GDPR), EuroCommerce Director-General Christian Verschueren commented:

“We have consistently supported the GDPR and its objectives, and are pleased that the Commission has found it generally to be working well. Protecting personal data is an important part of our sector’s efforts to maintain and improve consumer trust, particularly in light of the massive changes brought about by digitalisation. We note, however, the report’s criticism of some Member States adding extra rules on top of the Regulation. The GDPR has involved companies in significant amounts of work, and we continue to press all concerned to look at reducing this burden, particularly on the 5 million SMEs in our sector.”

The GDPR is scheduled to be reviewed again next year, and EuroCommerce will be pressing the Commission and national data protection authorities to look at ways of reducing the weight of regulation on business. We also believe that more work can be done on clarifying where all companies can simplify their implementation processes without undermining the objectives of the Regulation.  We welcome the Commission’s intention to encourage greater cooperation and coordination among data protection authorities, and the sharing of best practice, so that companies can expect a consistent regulatory approach across Europe.

In line with this, we continue to have concerns at the potential overlaps and contradictions between the GDPR and the draft e-Privacy Regulation, as well as provisions in the latter currently still being discussed in the Council, which allow Member States to introduce additional national rules. Verschueren added:

“Decision-makers need to ensure that the e-Privacy Regulation and the GDPR are aligned and avoid obligations contradicting each other, particularly in respect of consumer consent. Consumers want to have confidence that their data is being used properly, and retailers and wholesalers need to be able to implement both regulations in a way which serves all our customers’ interests consistently across Europe.”