When the General Data Protection regulation took effect in 2018, it changed the landscape for businesses across industries, causing disruptions in their ability to collect and use data and changing how business thinks about, manages and protects data privacy. While the law has introduced positive, pro-consumer, pro-privacy change, the legislation has not been without its challenges (and challengers).
From allegations that it hampers business competitiveness and innovation to a range of claims that it is almost too complex to comply with, GDPR remains controversial, even if widely implemented and modeled after.
The bottom line: the GDPR, while fit for purpose, is not a perfect fit – and the European Union has acknowledged that the time is right to take action.
Why change GDPR now?
Seven years into the lifespan of the GDPR, the time has come for an overhaul to the landmark regulation. Aimed at simplifying the law to make compliance easier, particularly for small and medium-sized enterprises, the initiative is also seen as a way to tackle the perceived hurdles GDPR throws into business’s path: sluggish competitiveness and barriers to innovation.
These changes come at a time when Europe wants to position itself as a leader in global technology, especially as turbulent geopolitical headwinds provide a natural opening for a shakeup. But in order to capitalize on emerging opportunities, many of GDPR’s limitations, especially in the face of rapidly accelerating AI technologies, need re-examination. Automated decision-making, profiling, and international data transfers are among some of the areas in question. Likewise, there is some consensus around the idea that adopting new AI-specific legislation does not make sense when common-sense, if complex, laws like GDPR already exist that can “provide a more sustainable approach to governance”.
While there is widespread support for GDPR reform, there are dissenting voices that continue to support the clear need for strong data protection and privacy rights. Even those who question the extent of the GDPR reforms can agree that the complexity of GDPR has stood in the way of efficient GDPR enforcement, which is the other side of the coin. Reform is needed to safeguard privacy as well as enforce it – and there are currently genuine gaps in the GDPR Procedural Regulation.
Trust through compliance
A 2025 Cisco report found that privacy laws are a cornerstone of business advantage, even if this relationship is not always clear to see immediately. In their survey, Cisco discovered that 96% of organizations reported that the returns on privacy compliance investments significantly outweighed the costs. Data privacy is further seen as an outsized business risk in the face of widespread generative AI use, where the risk for data leakage is highest, especially as it can be almost inadvertent. More robust data governance is of the utmost importance, which may become easier and more transparent when GDPR is simplified.
It’s easy to be compliant with CookieHub
Sign up today and create a custom cookie banner for your website
- 30 day free trial
- No credit card required
The next steps for your business
For most businesses, the new GDPR will be an opportunity to refresh, prepare for the bigger role of AI and its consequences, and look at compliance as a strategic investment for growth and consumer trust. After all, GDPR appears to be moving in a sensible direction to balance the protection of data with its responsible use.
One component of this readiness is ensuring that your consent and cookie management is comprehensive and up-to-date.
Are you compliant?
CookieHub automatically scans your website to detect cookies, ensuring all cookies are easily managed.