In a press release published on January 16, 2017, the Article 29 Working Party (“WP 29”) has outlined its strategy for 2017 on implementation of the General Data Protection Regulation (“GDPR”).
WP29’s “2017 GDPR Action Plan” identifies the following priorities, objectives, deliverables and activities for the coming year:
- 2016 Follow-Up. WP29 will finalize work commenced in 2016 on: (i) data protection certification mechanisms; (ii) processing activities likely to result in “high risk” processing and Data Protection Impact Assessments; (iii) administrative fines; (iv) administrative issues presented by the establishment of the European Data Protection Board (“EDPB”); and (v) establishment of the “one-stop shop” and the EDPB consistency mechanism.
- New 2017 Priorities. WP29 intends to produce guidelines on: (i) consent and profiling; and (ii) “transparency” (presumably, notice requirements). In addition, WP29 will update its existing opinions and reference documents that address: (i) data transfers to third countries; and (ii) breach notification.
- Stakeholder Consultations. WP29 will hold the following outreach activities during 2017:
– “Fablab” consultation on 2017 priorities with business and public interest representatives (April 5-6, 2017); and
– Interactive workshop with international privacy regulators on GDPR implementation (May 18-19, 2017).
In addition, stakeholders have until the end of January to provide feedback on the GDPR guidance WP29 issued in December 2016 concerning (i) data portability; (ii) data protection officers; and (iii) the lead supervisory authority.
* * * * *
Alston & Bird is closely following WP29’s guidance and activities and is advising multinational organizations on implementing GDPR requirements. For more information, contact Jim Harvey, David Keating, or Jan Dhont.