Editor’s Note: Published as communication from the European Commission to the European Parliament and Council, the recent report on data protection as a pillar of citizens’ empowerment and the EU’s approach to continued digital transition two years after the application of the General Data Protection Regulation (GDPR) may be beneficial for legal, business, and information technology professionals as they consider data protection in the European Union.

Data Protection as a Pillar of Citizens’ Empowerment and the EU’s Approach to the Digital Transition – Two Years of Application of the General Data Protection Regulation

Report Extract

Opportunities and Challenges for Organizations, in Particular, Small and Medium-sized Enterprises

The GDPR, together with the Free Flow of Non-Personal Data Regulation offers opportunities to companies by fostering competition and innovation, ensuring the free flow of data within the EU, and creating a level playing field with companies established outside the EU. The right to portability, coupled with an increasing number of individuals in search of more privacy-friendly solutions, have the potential to lower the barriers to entry for businesses and open the possibilities for growth based on trust and innovation. Some stakeholders report that the application of the GDPR is challenging especially for small and medium-sized enterprises (SMEs). According to the risk-based approach, it would not be appropriate to provide derogations based on the size of the operators, as their size is not in itself an indication of the risks the processing of personal data that it undertakes can create for individuals. Several data protection authorities have provided practical tools to facilitate the implementation of the GDPR by SMEs with low-risk processing activities. These efforts should be intensified and widespread, preferably within a common European approach in order not to create barriers to the Single Market.

Data protection authorities have developed a number of activities to help SMEs comply with the GDPR, for instance through the provision of templates for processing contracts and records for processing activities, seminars, and hotlines for consultation. A number of these initiatives benefited from EU funding. Further activities should be considered to facilitate the application of the GDPR for SMEs.

The GDPR makes a toolbox available to all types of companies and organizations to help them demonstrate compliance, such as codes of conduct, certification mechanisms, and standard contractual clause. This toolbox should be used to its full extent. SMEs stress, in particular, the importance and usefulness of codes of conduct that are tailored to their situation and which do not entail disproportionate costs. As regards certification schemes, security (including cybersecurity) and data protection by design are key elements to be considered under the GDPR and would benefit from a common and ambitious approach throughout the EU. The Commission is currently working on standard contractual clauses between controllers and processors, building on the on-going work on the modernization of the standard contractual clauses for international transfers.

Review the Complete Report (PDF)

A Pillar of Empowerment – EU – Data Protection

Read the original report at Data Protection as a Pillar of Citizens’ Empowerment

Additional Reading

Source: ComplexDiscovery

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, DALL-E2, Grammarly, Midjourney, and Perplexity, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.