The EU is preparing to simplify the GDPR

The European Commission is currently working on simplifying and possibly eliminating several obligations under the General Data Protection Regulation, to reduce regulatory burdens on small and medium-sized enterprises (SMEs), which have long faced challenges in complying with the GDPR’s complex documentation and procedural requirements.

On 13 March 2025, at a discussion hosted by the Centre for Strategic and International Studies (CSIS), Michael McGrath, European Commissioner for Justice and Consumer Protection, confirmed plans to simplify the GDPR. He announced that the European Commission is prioritizing the simplification of record-keeping obligations for SMEs, while maintaining the core principles of the regulation. McGrath stated that the aim is to improve the competitiveness of the European economy through a “whole range of simplification measures”. The forthcoming "Digital Package," expected by 21 May 2025, will include measures to simplify record-keeping obligations for organizations with fewer than 500 employees, while maintaining the core principles of data protection.

At the end of March, Denmark’s Minister for Digital Affairs, Caroline Stage Olsen emphasized that while privacy is crucial and the GDPR has many strengths, its complexity makes compliance difficult for businesses. She stressed that the EU needs “to make it easy for businesses and for companies to comply”. As Denmark takes over the EU Council presidency in the second half of 2025, simplifying digital rules is expected to be a priority. These reforms are part of a broader initiative to enhance the competitiveness of the European economy by streamlining regulatory requirements.

While the proposed changes aim to alleviate these challenges, some privacy advocates express concern about maintaining robust data protection standards. The Commission emphasizes that the simplification efforts will not compromise the fundamental rights and freedoms safeguarded by the GDPR.