Speaking at the ASSO DPO conference in Milan today, Giovanni Buttarelli, European Data Protection Supervisor said that everyone needs to do their homework on the EU General Data Protection Regulation – DPOs, national legislators and Data Protection Authorities. He said more guidance is in the pipeline and that the EU Article 29 WP should issue guidance on certifications by the end of the year.
Buttarelli spoke on the 20th anniversary of Italy’s data protection law, saying that Regulators can be more selective under the GDPR, and impose larger fines. He said that the European Data Protection Board wants to be transparent. The group can deliver binding decisions which can be appealed to the European Court of Justice. In an ideal world, one day we would have just one European level regulator but now this body is needed to facilitate the cooperation of national DPAs.
He said that some concepts in the GDPR are not yet clear, and encouraged businesses to develop solutions – certification schemes can bring great benefits, he said.
Stewart Dresner, CEO of Privacy Laws & Business spoke about the impact of Brexit on UK data protection. “Expect no change until March 2019. Assume that the law will be broadly speaking following the GDPR,” he said. Despite Brexit, the UK will remain a member to the Council of Europe and will therefore follow Convention 108 on privacy.
More about the conference at www.assodpo.it