Written by: Haim Ravia, Dotan Hammer
The General Data Protection Regulation (GDPR), which attracted a reputation for its rigid protection of individual data rights, may soon change. The European Commission recently announced that it has finalized a plan to simplify the GDPR’s regulatory requirements, particularly those affecting small and medium businesses.
Since coming into effect in 2018, the GDPR has been subject to debate, criticism, and imitation in countries outside the European Union. However, a report on the “Future of European Competitiveness” warned that the GDPR “hampers innovation”, may be overly burdensome, and imposes a significant financial burden on the European market. Compliance costs, as high as 10 million Euros for large companies, have reportedly driven consumer prices in certain markets by up to 24%.
The plan is expected to be made public in May. While the European Commission remains committed to “preserving the underlying core objective” of the GDPR, several possible changes are anticipated, including simplifying recordkeeping requirements for small and medium businesses.
Other EU laws have similarly been criticized. The EU Commission’s move on the GDPR may also signal possible changes to the recent AI Act, which was also mentioned in the same report.
Click here to read Part A of the September 2024 Draghi Report regarding European competitiveness, and here to read Part B, detailing its recommendations.