"The EU Parliament has recently voted and confirmed that, to date, the General Data Protection Regulation (GDPR) has been an overall success and does not need any amendments. However, the EU Parliament acknowledges that the focus should be targeted towards implementation efforts and strengthening the enforcement of the Regulation. The following are some key points from their resolution:
- There is concern that ‘legitimate interest’ is being abusively used as a legal basis for the processing of personal data and that in many instances, such use is without the required test of the balance of interests.
- There is concern that a number of companies still continue to breach their obligations under Article 12(1) of the Regulation and fail to provide all the relevant information recommended by the EDPB, including but not limited to the listing of entity names with whom they share data.
- Contrary to any perceived misconceptions, all SMEs, start-ups, organisations and associations, including schools, clubs as well as societies have always been and remain within scope of the GDPR.
- High concern that some Supervisory Authorities are non-existent when it comes to their enforcement efforts. Furthermore, follow-up to the initial complaints (275,000 as per cut-off date) is lagging and begs for improvement.
- The majority of supervisory Authorities (21 out of the 31 states in the EU, EEA and UK) have complained that they do not have sufficient human, technical and financial resources, premises and infrastructure to perform their tasks in an effective manner, leaving the burden on individual citizens to bring data protection claims to court. Furthermore, the EU Parliament calls on Member States to comply with article 52(4) obliging them to allocate sufficient funds and resources for their respective Supervisory Authorities to effectively carry out their work. This in turn will ensure a European level playing field for the enforcement of the GDPR.
- There is strong concerns over the abuse of the GDPR by some Member States’ public authorities to curtail journalists and non-governmental organisations.
- There is a deep concern about the lack of implementation of the ePrivacy Directive by the Member States in view of the changes introduced by the GDPR."
You may view the document here.