The fact that the GDPR is perhaps not entirely practical in all respects is also a widespread opinion outside of Switzerland. The GDPR has therefore been added to the list of regulatory simplifications that the EU Commission currently being pursued to strengthen competitivenessaccording to a Communication from EU Commissioner Michael McGrath. A broader package with simplifications that include the GDPR is expected.
In this context, the EDSA and the EDPS have wrote a letter to McGrath. They refer to a plan to extend the exemptions from the obligation to keep a processing register:
- The current SME limit of 250 employees (Art. 30 para. 5 GDPR) is therefore to be reduced to 500 employees be raised, combined with a turnover threshold;
- This exception should not be waived, as is the case today, if processing operations lead to risks, but only in the case of “high” risksand no longer for every processing of particularly sensitive personal data.
EDSA and EDPS express cautious approval of this proposal:
Based on the information available, and subject to a full analysis of the specific proposal, the EDPB and EDPS can express preliminary support to this targeted simplification initiative, bearing in mind that this would not affect the obligation of controllers and processors to comply with other GDPR obligations. […]
Switzerland should consider following these simplifications as they become more concrete. The FADP is based on the GDPR in many areas – including the processing directory – with the aim of achieving comparable protection. If the requirements of the GDPR fall, the DPA should react.