The European Data Protection Board is ready to start its work immediately when the GDPR enters into force on 25 May 2018. Speaking at the ASSODPO conference in Milan today, European Data Protection Supervisor, Giovanni Buttarelli said that the group has now prepared procedural rules, and held discussions about work methods.
“EDPB will not be a successor of EU Article 29 Working Party, we will turn a new page. The DPA group is no longer just a consultative body.”
Buttarelli stressed transparency and accountability for the group. “We want to be more accessible and more modern, but also more selective, as we will have to take more decisions collectively.”
Buttarelli said that a quarter of EDPS staff will form the secretariat of the EDPB, but they will work separately as already defined in the Memorandum of Understanding between the two bodies.
“We will now have to decide on priorities for the EDPB. We will have a press conference on 25th May.”
He commented on the corrigendum to the GDPR saying that the corrections currently underway do not include anything of substance. There have been some errors of syntax, but essentially there will be nothing new that organisation should be concerned about.
As the deadline for adopting GDPR implementation laws in now only 17 days away, Buttarelli predicted that up to 15 countries will have their laws ready by then. With regard to Italy, which is currently in the process of forming a new government but may have to resort to a caretaker government for now, Buttarelli said that the plans include too much bureaucracy, which is against the goal of the GDPR to diminish red tape.
Speaking about the international impact of the GDPR, Buttarelli recognised the work of PL&B Asia Pacific editor Graham Greenleaf for his research in identifying countries globally that have a privacy law.
“GDPR has no grace period. It will stay with us at least for 20 years.”