During a press conference held on February 3, 2016, the President of the Article 29 Working Party (“Working Party”) discussed the Working Party’s 2016 action plan concerning the new General Data Protection Regulation (“GDPR”). The action plan lays out the groundwork required to prepare the DPAs for their new role under the GDPR and to ensure a smooth transition as the Working Party, established under the Data Protection Directive, is superseded by the European Data Protection Board (“EDPB”). The EDPB will be tasked mainly with ensuring a coordinated and consistent application of the Regulation throughout the European Union.
For 2016, the action plan focuses on the following points:
1. Work on the organizational and logistical needs for the future EDPB, including establishing procedures for cooperation with other EU Institutions, such as the European Data Protection Supervisor.
2. Development of procedures and practical organization for the “one-stop-shop mechanism” and the implementation of the consistency mechanism.
3. Development of guidelines and procedures relating to new requirements for data controllers and processors under the GDPR. Specific guidance can be expected on (i) the right to data portability; (ii) privacy impact assessments (“PIAs”); (iii) certification mechanisms and data protection seals and marks to demonstrate compliance with the GDPR; and (iv) the institutionalization and appointment of Data Protection Officers.
A similar action plan will be rolled-out for 2017 in view of the GDPR’s estimated date of application in the first half of 2018.
The press conference can be auditioned at the following link: https://scic.ec.europa.eu/streaming/article-29-subgroup-implementation-of-the-privacy-directive