The European Commission is finalizing plans to simplify the General Data Protection Regulation (GDPR) to ease the burden on small and medium-sized businesses. The aim is to simplify the law while maintaining its core principles, particularly privacy protection. Michael McGrath, the European Commissioner overseeing data privacy, emphasized that the goal is to make it easier for businesses to comply without compromising privacy standards. Danish Digital Minister Caroline Stage Olsen also expressed support for reducing regulatory complexities, stating that businesses should not face unnecessarily burdensome regulations.
The European Commission’s goal is to improve the competitiveness of the European economy by implementing simplification measures for small businesses, particularly those with fewer than 500 employees. One of the changes under consideration is the simplification of record-keeping requirements for small businesses, which could make compliance less challenging. The European Commission is expected to unveil the full plan by May 21, 2025, and many data privacy experts are watching closely to ensure that these changes do not undermine the law’s core privacy protections.
The push for GDPR reform follows concerns raised by a report from former Italian Prime Minister Mario Draghi, which highlighted the negative impact of the GDPR on European competitiveness. Draghi’s report argued that the GDPR and other overly burdensome regulations were hindering the EU’s ability to compete with China and the U.S. Inconsistent enforcement across European countries has created legal uncertainty, leading to higher compliance costs and administrative challenges for businesses. The report also noted that the GDPR’s fragmentation complicates cross-border entrepreneurship and innovation.
For industries heavily reliant on data, such as software, the GDPR’s high compliance costs have become a significant barrier. Small and medium-sized businesses face costs of up to €500,000, while larger companies can incur up to €10 million in compliance expenses. The inconsistent enforcement of GDPR also threatens the development of new technologies like AI, as it introduces uncertainty into the regulatory framework. The Draghi report calls for the development of simplified and harmonized rules across the EU to support innovation and ensure smoother implementation of data privacy laws.
Reference:
