Article 97 of the European Union General Data Protection Regulation (GDPR) calls upon the European Commission to “report on how the GDPR is being implemented, 2 years after its entry into application.” The Commission’s report is supposed to solicit input from the European Council, European Parliament, European Data Protection Board and the multistakeholder GDPR group. The Commission has also requested input from the public.

EFAMRO, EphMRA, and BHBIA plan on submitting a position paper as part of the consultation. Their recommendations include:

  • “Evaluate and review the application and functioning of the GDPR in its entirety by carrying out an extensive consultation process of society at large and analyse the practical implications of the regulation.”
  • For international data transfers, “Review and update Standard Contractual Clauses and adopt new EU processor to non-EU or EEA processor clauses.”
  • Clarify important aspects of Codes of Conduct.
  • “The Commission’s upcoming evaluation report should also highlight the broad need for practical guidelines.”

Among the most important recommendations from EFAMRO, EphMRA and BHBIA are for the Commission to focus on the fragmented legal landscape, since different EU nations implement GDPR differently: “The aim of replacing the Directive 95/46/EC with a Regulation was to prevent the EU legal landscape from fragmentation. It would be useful for the Commission to investigate further and get a better understanding of how the issue of overlapping territorial scopes of national laws implementing the GDPR has affected controllers and processors and how they are dealing with such fragmentation.