On May 25, 2018, a new era for privacy in the European Union (“EU”) began with the entry into force of the General Data Protection Regulation (the “GDPR”). The GDPR put the EU in the front seat in setting high privacy standards protecting EU-located data subjects. It inspired many copycats around the globe.
The GDPR requires the European Commission (the “Commission”), the EU body tasked with legislative proposal powers, to submit a report on the evaluation and review of the GDPR implementation (the “Report”) on an ongoing basis and for the first time by May 25, 2020. The Commission has some latitude as to what it will review but not complete discretion. The GDPR itself requires the Commission to address transfer mechanisms, as well as cooperation and consistency between national data protection authorities.