On May 25, 2018, a new era for privacy in the European Union ("EU") began with the entry into force of the General Data Protection Regulation (the "GDPR"). The GDPR put the EU in the front seat in setting high privacy standards protecting EU-located data subjects. It inspired many copycats around the globe.

The GDPR requires the European Commission (the "Commission"), the EU body tasked with legislative proposal powers, to submit a report on the evaluation and review of the GDPR implementation (the "Report") on an ongoing basis and for the first time by May 25, 2020. The Commission has some latitude as to what it will review but not complete discretion. The GDPR itself requires the Commission to address transfer mechanisms, as well as cooperation and consistency between national data protection authorities.

The review might serve as a basis for legislative proposals to amend the GDPR; in this exercise, the Commission is receptive to input not only from EU bodies (the EU parliament, the Council and the European Data Protection Board) or forums (such as the Multistakeholder Expert Group), but also from any interested parties.

To that end, the Commission launched a call for feedback on April 1 that will run until April 29 (note that a registration to the EU portal is required).

Businesses, other organizations and citizens can take this opportunity to relay the concerns identified with the current GDPR drafting (from confusing language to lack of cross-references) or its practical application. While bigger requests such as the call for a more central enforcement of the GDPR, supported by the EU parliament, might fall on deaf ears, small wrinkles could be smoothed in this facelift.

Why wouldn’t you give this a try? #TellTheEUWhy