EU Commission Publishes Second GDPR Evaluation Report Highlighting Cross-Border Challenges

The European Commission has issued its second evaluation report on the application of the GDPR, submitted pursuant to Article 97 GDPR. While the report underscores notable advances in data protection, it also stresses persistent challenges—especially around the cross-border cooperation and consistency among national data protection authorities.

The Commission highlights that GDPR has indeed delivered meaningful benefits for both individuals and businesses across the EU. Its risk-based, technologically neutral approach remains a strong foundation for safeguarding personal data while balancing proportional obligations for controllers and processors. However, the report also calls for bolstered support for SMEs, researchers, and smaller organisations, as well as clearer, more actionable guidance from Supervisory Authorities to ensure consistent interpretation and application of the GDPR throughout the EU.

A critical area of concern remains the handling of cross-border cases, where divergences in national procedures and interpretations have hindered cohesive enforcement. To address this, the Commission already proposed a Regulation in July 2023 introducing detailed procedural rules for cross-border complaints and cooperation—emphasizing transparency, d ue process, and timely resolution across Member States. These enhancements aim to streamline enforcement and reduce fragmentation