Deficient by design? The transnational enforcement of the GDPR

Four years following the entry into force of the EU data protection framework (the GDPR) serious questions remain regarding its enforcement, particularly in transnational contexts. While this transnational under-enforcement is often attributed to the role of key national authorities in the GDPR's procedures, this article identifies more systemic flaws. It examines whether the GDPR procedures are deficient-by-design and, if not, how these flaws might be addressed. The conclusions reached inform our understanding of how to secure effective protection of the EU Charter right to data protection. They are also of significance to EU law enforcement more generally given the increasing prevalence of composite decision-making as the mechanism of choice to administer EU law