EDPB and EDPS Call for Simplified GDPR Record-Keeping Requirements
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have jointly addressed the European Commission regarding the simplification of record-keeping obligations under the General Data Protection Regulation (GDPR). Their letter highlights the need to reduce administrative burdens on organizations while maintaining strong data protection standards. The current record-keeping requirements are seen as complex and sometimes disproportionate, especially for small and medium-sized enterprises (SMEs).
The letter proposes a more streamlined approach to record-keeping that would focus on essential information necessary for compliance and supervision. This would help organizations better allocate resources towards actual data protection measures rather than excessive paperwork. The EDPB and EDPS emphasize that any simplification must not weaken the fundamental rights of data subjects or compromise the effectiveness of GDPR enforcement.
The two bodies also call for clear guidance and harmonized rules across the European Union to avoid fragmentation in data protection practices. Consistency in record-keeping requirements would facilitate easier compliance for companies operating in multiple member states. The letter encourages the Commission to involve all relevant stakeholders in developing the new framework to ensure practical and balanced solutions.
Overall, the joint letter from the EDPB and EDPS aims to support the European Commission in creating a GDPR record-keeping regime that is both efficient and protective of individuals’ privacy rights. Simplifying obligations could foster innovation and competitiveness while upholding the high standards of data protection expected within the EU.