The Chair of the European Data Protection Board, (EDPB), Ms Andrea Jelinek, Head of Austria’s Data Protection Authority, said that the Board is fully functioning, despite the fact that not all EU Member States have managed to adopt GDPR adaptation laws. As the GDPR is a regulation, it is directly applicable. The members of the European Economic Area will also attend Board meetings and the One Stop Shop, but will not have voting rights.
The EDPB and national Data Protection Authorities have already received their first complaints regarding consent. The Board has adopted new guidelines on consent and certification.
The two Vice-Chairs are Willem Debeuckelaere, Chair of Belgium’s Data Protection Commission and Ventislav Karadjov, Chair of Bulgaria’s Data Protection Commission.
Jelinek said that there is no grace period as companies have had two years to prepare for the GDPR, but the DPAs would follow the proportionality principle when issuing fines. Karadjov added that the EDPB will create a preventative environment – accountability is part of that as companies can demonstrate the steps which they have taken to comply. Certification can play a useful role in this area.
The countries that have so far adopted new national laws include Germany, Austria, Slovakia, Denmark, Sweden, UK, the Netherlands, Poland, Italy, Belgium, Ireland and Croatia. France has adopted an Act but it is now under constitutional review. Jelinek said it is up to the European Commission whether to launch infringement procedures on the countries that have missed the deadline.
Privacy Laws & Business 31st Annual International Conference focuses on GDPR compliance. See the programme and register.
Willem Debeuckelaere, Chair of Belgium’s Data Protection Commission, will speak as Vice-Chair, representing the European Data Protection Board, on its transition from the Art. 29 Data Protection Working Party.