UNLESS you’re a data anorak or avid Brussels watcher, you probably missed that the EU is preparing to ease data laws.
The European Commission is finalising a plan to simplify and potentially remove many of the regulatory requirements imposed by the complex and far-reaching General Data Protection Regulation.
Michael McGrath, the European commissioner overseeing data privacy laws, said officials were “examining ways we can ease the burden on smaller organisations in relation to the retention of records”.
The goal is to “improve competitiveness” of the Euro economy through a “range of simplification measures,” the Fianna Fail man added.
Writing in The Irish Sun on Sunday today, Dublin MEP REGINA DOHERTY, says it is time to fix the GDRP mess.
WE’VE all been there. You land on a website and immediately get bombarded with a wall of “cookie” pop-ups, legal disclaimers, and tick-boxes that make you wonder if you’re booking a flight or signing a mortgage.
Or worse — you ring your bank about a suspicious transaction and they tell you, “Sorry, we can’t say anything because of GDPR.”
It’s frustrating, but let’s get one thing clear: protecting people’s data is absolutely essential.
In fact, in an age where personal information has been turned into a weapon — from election interference to financial scams — strong privacy protections are more important than ever.
GDPR was introduced to do exactly that: give people control over their data and make sure companies treated it responsibly.
But somewhere along they way, the EU turned a good idea into a bureaucratic mess — and Irish businesses, especially our small and medium enterprises, are the ones being strangled by the red tape.
SPRAWLING MESS
The General Data Protection Regulation, passed in 2016 and fully rolled out across the EU by 2018, was once hailed as one of the Union’s crown jewels.
But, let’s be honest, parts of it have become a mountain of red tape.
It’s morphed into a sprawling, confusing mess that’s holding back Irish businesses, costing them money, and — most worrying of all — making it easier for online scammers to thrive.
It’s time to take the scissors to it — and here’s why.
Last year, just 15 per cent of Irish businesses believed they were fully compliant with GDPR.
Not because they don’t care about data protection — they do — but because the rules are so complex, so burdensome, and so poorly suited to the reality of how modern businesses operate.
It’s madness. And it’s costing jobs and innovation.
While big tech companies with armies of solicitors and compliance staff can jump through the hoops, the local café chain, the Irish fintech startup, or the family-run shop selling online — they are the ones left drowning in legal jargon and administrative overhead.
EASIER FOR SCAMMERS
And here’s the real kicker: while GDPR is busy tying up honest businesses in knots, it’s also making life much easier for scammers.
Yes, you read that right.
This isn’t just about business paperwork — it’s about you, the consumer, and your safety online.
The current GDPR rules, while designed to protect your privacy, are actually putting you at greater risk.
Right now, financial institutions and tech companies are of- ten blocked from sharing information with law enforcement when they spot suspicious activity, all in the name of data protection.
This means warnings about scams, fraud attempts, and suspicious transfers can fall through the cracks — and you’re the one left vulnerable.
If someone was trying to drain your bank account or impersonate your family member on WhatsApp, wouldn’t you want the people who can stop it to be able to act quickly and share what they know?
OVERHAUL THE RULES
Thankfully, there is now momentum building for change. The EU is on a current trend of slashing red tape to remain competitive and ensure businesses not only move here but stay in the Union.
Commissioner Michael McGrath has confirmed that the European Commission will reform GDPR as part of a wider simplification package for small and medium-sized enterprises.
But most of what’s on the table so far is focused on data storage and admin, not the urgent reforms needed to help tackle scams and support frontline businesses.
That’s why I put the question directly to him in the European Parliament this week: will we finally overhaul the rules so they work for people, not just for bureaucratic paper-pushers?
The European Union cannot afford to keep regulating like it’s 2015.
If we want to stay competitive in a global market, if we want to encourage entrepreneurship, if we want to crack down on online scams — then we need a smarter, more flexible approach to data protection.
That means slashing the red tape, scrapping pointless obligations, and freeing up businesses to get on with the job. Privacy matters. But, of course, so does common sense.
It is time to fix GDPR — before more businesses go under, and more people fall victim to scams we could have prevented.
