The Evolution of Legal Obligations Toward Facilitating Business and the Social Sector

The Evolution of Legal Obligations Toward Facilitating Business and the Social Sector Without Undermining Individual Rights

Fewer burdens for small and medium-sized enterprises (SMEs) and non-governmental organizations (NGOs), while ensuring an appropriate level of personal data protection — this is the main message of the declaration signed by the President of the Data Protection Office and representatives of supervisory authorities from Central and Eastern Europe.

During the 23rd Meeting of the Central and Eastern European Data Protection Authorities, held in Kraków and Lusławice on June 12–13, 2025, a Declaration was signed on strengthening data protection authorities, ensuring regulatory balance, and supporting SMEs and NGOs.

The signatories of the Declaration noted that both SMEs and NGOs face similar challenges in applying complex data protection regulations. They committed to promoting simplification and reducing administrative burdens while fully respecting individuals’ rights.

The Declaration emphasizes, among other things:

• The need for a thorough assessment of planned legislative changes, including GDPR deregulation proposals, based on research and impact analyses across various sectors;
• The necessity of supporting NGOs, which, like SMEs, often operate with limited implementation resources;
• Strengthening independent supervisory authorities by increasing their funding and advisory capacity so they can effectively support diverse stakeholder groups;
• Continuing cooperation and knowledge exchange among data protection authorities in the Central and Eastern European region.

The Declaration assumes that legal regulations in the field of data protection should evolve in a way that supports economic and social activity and innovation, while maintaining a high standard of privacy protection and respect for individual rights.