GDPR Article 97: Commission reports

Article 97: The Facts

Article 97 concerns the review and possible amendment of the GDPR, and has five clauses.

  1. By 25 May 2020 and every four years thereafter, the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council. The reports shall be made public.
  2. In the context of the evaluations and reviews referred to in paragraph 1, the Commission shall examine, in particular, the application and functioning of: (a) Chapter V on the transfer of personal data to third countries or international organisations with particular regard to decisions adopted pursuant to Article 45(3) of this Regulation and decisions adopted on the basis of Article 25(6) of Directive 95/46/EC; (b) Chapter VII on cooperation and consistency.
  3. For the purpose of paragraph 1, the Commission may request information from Member States and supervisory authorities.
  4. In carrying out the evaluations and reviews referred to in paragraphs 1 and 2, the Commission shall take into account the positions and findings of the European Parliament, of the Council, and of other relevant bodies or sources.
  5. The Commission shall, if necessary, submit appropriate proposals to amend this Regulation, in particular taking into account of developments in information technology and in the light of the state of progress in the information society.

The GDPR will be reviewed during the first two years of its life and the results will be – at some point after 25-May-2020 – made public.  This will be a key moment in the development of the GDPR.  The regulation is likely to evolve over time, in part due to legal cases, but also taking into account the perceived effects on and opinions of businesses, the public and the regulators.

Graeme’s View

Will a growth in demand for personal information, akin to the rise in the number of FOI requests in the UK following the introduction of the Freedom Of Information Act 200, lead to the reduction in personal data held by organisations?  Will post-GDPR high-profile data breach publicity (for example British Airways and Superdrug in 2018) raise the issue in the public’s awareness to make clamping down on non-compliant companies a vote-winning issue?

I expect in the UK that the ICO will gradually increase their regulatory resources and ‘clout’ through increased fines.

Leave a Reply

Your email address will not be published. Required fields are marked *