Centre for Information Policy Leadership’s Response to the EU Commission Consultation on the Evaluation of the GDPR The Centre for Information Policy Leadership (CIPL) 1 submits this response (the Paper) as input for the EU Commission’s upcoming Report on the GDPR. This Paper builds and expands on CIPL’s 2019 report “GDPR One Year In: Practitioners Take Stock of the Benefits and Challenges”, 2 which summarised the benefits, challenges and unfulfilled promises of the GDPR for organisations. I.
Companies continue to derive benefits from the GDPR
CIPL confirms that in 2020, the GDPR continues to act as a driver of benefits for organisations by: •
Turning data protection into a mainstream business issue, beyond just legal and compliance;
•
Creating momentum and focus on data protection, providing businesses with the opportunity to level-set their practices with other organisations and enabling a shift in organisational approaches to data protection through the implementation of comprehensive privacy compliance programmes;
•
Aligning data protection with organisations’ digital transformation, data strategy and data-driven innovation, and instilling good data hygiene and governance, thereby enabling organisations to use data responsibly;
•
Forcing organisations to deliver more user-centric transparency to individuals and to reassess or build effective processes for responding to individual rights requests, resulting in improved relationships with individuals;
•
Enabling more effective protection and fostering enhanced trust from individuals, business partners and investors;
•
Removing burdensome notification and authorisation requirements with DPAs;
•
Fostering consistency in assessing data protection risks and mitigating them;
•
Impacting the business bottom line, by creating a positive return on investment from accountable practices and making data protection a strategic business driver and market differentiator; 3 and
•
Making it easier to engage in international business by encouraging organisations to address data protection globally across all business lines, products, services and locations and setting a global baseline for data protection law that serves as a reference for other countries and enables economic efficiency. 4
1