EU Commission’s Guidance on the direct application of GDPR as of May 2018

On January 24, 2018, the Commission issued “Stronger protection, new opportunities – Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018”.

In the document the Commission lists the guidelines that the WP29 has issued (and is about to issue) on several important aspects of the Regulations. [1]

The Commission also list the activities that remain to be done. In particular: i) Member States must finalize “the set-up of the legal framework at national level”; ii)  National DPAs must “ensure that the new independent European Data Protection Board is fully operational” (the European Data Protection Board will substitute the WP29); iii) Member States must “provide the necessary financial and human resources” to DPAs to national data protection authorities; iv) Organizations processing data must “get ready for the application of” the GDP; v) DPA must intensify their awareness-raising activities “to inform stakeholders, in particular citizens and small and medium-size businesses” of the GDPR.

The Commission also discloses its own future activities, from working with Member States in sight of May 25, 2018 (and then monitor them) to making available “online guidance” in all Eu languages, from providing financial support for wareness-raising activities to sparingly using its empowerments power. The Commission will deal with the implementation of the GDPR into EEA-Agreement (Iceland, Liechtenstein, and Norway) and will make sure GDPR concerns will be raised in the Brexit. One year after the entering into force of the GDPR the Commission will take the pulse of the implementation.

Here full COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. Stronger protection, new opportunities – Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018

For more information, Francesca Giannoni-Crystal

—————-

[1]  Guidelines/working documents by the Article 29 Working Party in view of the entry into application of the Regulation

Right to data portability, Data protection officers, Designation of the lead Supervisory Authority. All adopted on 4-5 April 2017

Data protection impact assessment. Adopted on 3-4 October 2017

Administrative fines. Adopted on 3-4 October 2017

Profiling, Data breach, Consent, Transparency, Certification and accreditation, Adequacy referential, Binding corporate rules for controllers, Binding corporate rules for processors. In all cases, work ongoing