As part of its overall strategy for implementing the provisions of the General Data Protection Regulation (GDPR), the Article 29 Working Party has published its action plan for the year 2017 (the document can be called up here).
The current action plan is part of the overall strategy of the Article 29 Working Party ("Working Party ") for implementation of the provisions in the GDPR by the time it takes effect in May 2018, and allows an insight into the opinions and guidelines of the Working Party that are planned to be published in 2017 on various relevant subjects in the GDPR.
The initial intention is for the Working Party to complete its guidelines on the right of data portability, on the status of the Data Protection Officer and on determination of the lead supervisory authority. The respective opinions are already available in draft form on the website of the Working Party. The final versions of the respective guidelines are expected following completion of the consultation phase at the end of January.
As part of the action plan, the Working Party will also publish new or amend existing guidelines on the following subjects: requirements on consent and profiling, data transfer to third countries, data breach notifications, preconditions for and scope of administrative fines, processing likely to result in a high risk and Data Protection Impact Assessments (DPIA), standards for certification procedures as well as illustration of the transparency issues under the GDPR.
The above mentioned subjects are of paramount relevance. As the GDPR on the one hand significantly extends and tightens the requirements in this respect compared to the previously applicable statutory rulings - for example in the Data Protection Directive 95/46 and the German Federal Data Protection Act (“Bundesdatenschutzgesetz”) -, while on the other hand frequently failing to provide clear standards for interpretation and application, the guidelines of the Working Party offer data controllers and processors an important basis for correct implementation of the respective requirements in their processing procedures.
If the new guidelines are published by the Working Party during the course of the year, we will report on the precise content, together with the resulting practical consequences, in our Data Protection Update.