Over two years after its implementation, the General Data Protection Regulation has "met most of its objectives" but a number of inconsistencies in application need to be addressed, the European Commission said in a report published June 24.

According to the EC, handling of cross-border GDPR cases need a "more efficient and harmonized approach." The regulator said each member state must align its GDPR-related guidance with that created by the European Data Protection Board.

The EC also said the processing of personal data in relation to the prevention, investigation, detection or prosecution of criminal offenses should be aligned with the Data Protection Law Enforcement Directive. To help with this task, the EC published guidance identifying the 10 legal acts that regulate data processing.

The EC is also looking to modernize other mechanisms for data transfers, including the utilization of Standard Contractual Clauses, the most widely used data transfer tool. In line with this, the European Data Protection Board is working on specific guidance on the use of certification and codes of conduct for transferring data outside of the European Union.