EC Review Finds GDPR Successful, in Need of Improvement

end of the world" didn't materialize, she said. Seventy percent of Europeans have heard of the regulation but more awareness is needed, she said. The review found the EC approach was correct, with more companies using privacy by design as a competitive advantage, and the one-continent, one-law philosophy enabling more businesses, particularly small and mid-sized ones, to operate in Europe's single market. It included a "serious to-do list," Jourova noted. One key issue is the resources available to national data protection authorities (DPAs). There was a 42% increase in staff and a 49% hike in budgets between 2016 and 2019, but the European Data Protection Board (EDPB) and DPAs must boost cooperation to provide a pan-EU data protection culture, Jourova said. The EC is monitoring DPA resources, said Justice Commissioner Didier Reynders. It's possible some national authorities, such as Ireland and Luxembourg, that handle complex cases involving big tech companies might need more capacity and cross-border cooperation, he said. "Consistent and efficient enforcement of the GDPR remains a priority," said European Data Protection Supervisor Wojciech Wiewiorowski. He proposed creating a shared pool of experts in the EDPB to help DPAs in complex and resource-heavy cases. The EC review was "thorough but critical," said Computer and Communications Industry Association Europe Senior Policy Manager Alex Roure: Two years after becoming law, companies and consumers still "lack clear guidance from enforcers which too often take diverging, national actions." The GDPR "has failed to live up to its promise," proving to be a "complicated, burdensome drain on Europe's digital economy," said Center for Data Innovation Senior Policy Analyst Eline Chivot. The review shines an "unflattering lights" on many shortcomings, yet the EC "seems determined to double down by layering on even more rules."