As recently report on the Hunton Privacy & Information Security Law Blog, the European Commission (“the Commission”) submitted its first report on the evaluation and review of the EU General Data Protection Regulation (“GDPR”) to the European Parliament and Council. The report is required under Article 97 of the GDPR and will be produced at four year intervals going forward.
In its report, the Commission concludes that generally the GDPR has successfully met its objectives, namely those of strengthening personal data protection and guaranteeing the free flow of personal data within the EU. It also, however, identified a number of areas for improvement, including fragmentation between member states, enforcement, emerging technologies, adequacy decisions and extra-territorial reach.