With just over 100 days left before the application of the new General Data Protection Regulation (“GDPR”), the European Commission has published new guidance that outlines what remains to be done, including additional guidance for SMEs.
Andrus Ansip, European Commission Vice-President for the Digital Single Market, said: “Strengthened EU data protection rules will become a reality on 25 May. It is a major step forward and we are committed to making it a success for everyone”.
The guidance recalls the innovations, operational simplifications and opportunities opened up by the new rules. It looks at the preparatory work already undertaken and outlines what still needs to be done.
Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, stated: (…) “we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day”.
It is essential for companies to have a single and coherent set of guidelines. The Working Party of EU Data Protection Authorities (the “WP29”) is working to update existing opinions, including on the tools for transferring data to non-EU countries.
|WP29 Guidelines/working documents in preparation for GDPR’s application|
|Right to data portability||Adopted on 4-5 April 2017|
|Data protection officers|
|Designation of the lead Supervisory Authority|
|Data protection impact assessment||Adopted on 3-4 October 2017|
|Administrative fines||Adopted on 3-4 October 2017|
|Data breach||Work ongoing|
|Consent||Adopted as a working paper for consultation on 28 November 2017|
|Certification and accreditation||Work ongoing|
|Adequacy referential (updated)||Adopted as working paper for consultation on 28 November 2017 (work on additional up-dates ongoing).|
|Binding corporate rules for controllers||Work ongoing|
|Binding corporate rules for processors||Work ongoing|
Sources: EU Commission and WP29
Summaries of the rules for business are available from the EC Commission’s web-site.
See FLINN’s web-site for our GDPR Toolkit and further information about data protection.
Article from our member FLINN – Belgium.