Brussels, 04 December – During its December 2024 plenary, the European Data Protection Board (EDPB) adopted a statement on the second report of the European Commission on the application of the General Data Protection Regulation (GDPR).*
In its statement, the EDPB welcomes the reports from the European Commission and the Fundamental Rights Agency**. Importantly, the EDPB underlines the importance of legal certainty and coherence of digital legislation with the GDPR, and recalls some of its ongoing initiatives to clarify the enforcement interplay of the GDPR with the AI Act, the EU Data Strategy and the Digital Services Package.
In addition, the EDPB announces it will step up the production of content for non-experts, small and medium-sized enterprises (SMEs) and other groups.
Finally, the Board highlights the genuine need for additional financial and human resources to help DPAs and the EDPB deal with increasingly complex challenges and additional competences.
Note to editors
* In July 2024, the European Commission published its second report on the application of the GDPR, adopted under Art. 97 GDPR.
** In June 2024, the Fundamental Rights Agency (FRA) published a report on the experiences of DPAs when implementing the GDPR. The findings of this report complement the European Commission's evaluation of the GDPR.
Brief
"On 04 December 2024, the European Data Protection Board (EDPB) issued an update regarding its plenary meeting. The EDPB welcomed reports from the European Commission and the Fundamental Rights Agency, emphasizing the importance of legal certainty and coherence with the General Data Protection Regulation (GDPR)."
Highlights content goes here...
Purpose
The European Data Protection Board (EDPB) adopted a statement on the second report of the European Commission on the application of the General Data Protection Regulation (GDPR). The EDPB’s objective is to provide clarity and coherence in digital legislation, emphasizing the importance of legal certainty and highlighting ongoing initiatives to clarify enforcement interplay with other EU regulations. This move aims to promote consistency and guidance for data protection authorities and stakeholders.
Effects on Industry
The adoption of this statement will have a significant impact on industries operating within the EU’s digital landscape. The EDPB’s emphasis on coherence in digital legislation may lead to changes in compliance strategies and practices among businesses, particularly those involved in AI development, data-driven services, and online marketplaces. This shift could result in increased costs for companies seeking to adapt their operations to meet evolving regulatory requirements.
Relevant Stakeholders
The EDPB’s announcement affects various stakeholders within the EU’s digital ecosystem. Data protection authorities (DPAs), small and medium-sized enterprises (SMEs), and non-expert groups will benefit from enhanced content production, facilitating a better understanding of GDPR obligations and enforcement mechanisms. Additionally, the increased demand for financial and human resources to tackle complex challenges will impact DPAs and the EDPB directly, necessitating adjustments in resource allocation.
Next Steps
To comply with this update, stakeholders should take note of the following actions: Companies operating within the EU’s digital landscape should reassess their compliance strategies to ensure coherence with GDPR requirements. SMEs and non-expert groups can look forward to receiving more content on GDPR-related topics, enabling them to better navigate data protection regulations. DPAs and the EDPB will need to allocate additional resources to address increasingly complex challenges arising from evolving regulatory environments.
Any Other Relevant Information
Historically, the EU has prioritized harmonizing digital legislation to ensure consistency across member states. This move reflects the ongoing effort to establish a unified framework for data protection within the EU’s digital landscape. The EDPB’s commitment to providing clarity and guidance on GDPR obligations and enforcement mechanisms underscores its dedication to promoting trust and transparency in the online environment. As the regulatory landscape continues to evolve, stakeholders must remain vigilant and adapt their operations accordingly to comply with emerging requirements.
