The European Commission will consider the necessity of introducing infringement procedures against Member States that fail to comply with the EU’s general data protection regulation (GDPR), the Commission’s Justice Chief Didier Reynders has warned.

His comments came following the recent publication of the Commission’s GDPR review, which highlighted several shortfalls across Member States in terms of compliance with the EU’s data protection.
In the review, published towards the end of June, Ireland and Luxembourg were singled out as being under-resourced to the extent that their ability to ensure adequate GDPR compliance in their countries should be hindered.
“We will take all necessary initiatives to have a correct implementation and also, we will analyse the necessity to introduce infringement policies,” Reynders said.
Reynders added that action against Ireland, the lead authority for actions involving several of the Big Tech firms, would be taken “if needed”.
Helen Dixon has previously lamented that the Irish DPC is under-resourced when analysing the volume of complaints it is required to process, after receiving less than a third of the budget it had called for in 2020.
“Given that the largest big tech multinationals are established in Ireland and Luxembourg, the data protection authorities of these countries act as lead authorities in many important cross-border cases and may need larger resources than their population would otherwise suggest,” the document states.
However, lawmakers in the European Parliament have recently raised the issue of the under-funding of national data protection authorities, noting that it should not necessarily be used as an excuse for a lack of actions taken out. Member States that don’t resource their national data protection authorities as appropriate should face punitive measures, EU lawmakers claimed.


Author: Samuel Stolton

https://www.euractiv.com/section/data-protection/news/commission-to-analyse-necessity-of-gdpr-infringement-procedures/