CIPL Project on EU GDPR Implementation
Project Background
The political agreement on the EU General Data Protection Regulation (GDPR) has been reached and the new Regulation will be on the books by the end of the first quarter of 2016. Organisations will have a two year period (spring 2016-spring 2018) to assess the impact of the Regulation on their activities, devise and execute implementation strategies and make changes to their business processes, compliance infrastructures and IT systems to reflect the new requirements. The new regime will bring changes not only to organisations, but also to the data protection authorities and how they oversee, supervise and enforce the new rules in Europe.
Some of the immediate impacts of the GDPR relate to its jurisdictional and extraterritorial reach; new requirements concerning privacy impact assessments, privacy by design, pseudonymisation, data breach notification, data processor obligations, organisational accountability and data protection officers, data protection principles, rights of individuals; legal liability, remedies, fines; and the roles and powers of data protection authorities. Importantly, despite the ambition to harmonise data protection rules across Europe, the GDPR leaves a significant margin of maneuver to Member States in its application. It also gives both the EU Commission and the new European Data Protection Board (EDPB) powers to enact implementing regulations and guidance. To address these changes, CIPL is launching a special project in March 2016 – the CIPL PROJECT ON GDPR IMPLEMENTATION. The rationale for the project is the need for a constructive and expert dialogue between industry, regulators and key policy makers, that will inform and build bridges between different stakeholders, help develop consistent and forward thinking interpretations of the new requirements and devise best practices for implementing the requirements. Consistent interpretation, implementation, oversight and enforcement of the new rules across the EU Member States are all critical to the success of the GDPR and the European Single Digital Market Strategy. Finally, the GDPR and the way it which it is implemented will have a significant influence on other countries and regions around the world as they develop their data privacy regimes. |
Project Objectives
The project aims to establish a forum for an expert dialogue between industry representatives, DPAs, the European Data Protection Supervisor (EDPS), the EU Commission, Member States representatives and academic experts through a series of workshops, webinars and white papers with the following specific objectives:
|
Proposed Project Topics
The specific topics to be covered in the project will be ultimately decided by the project Steering Committee, DPAs and other project stakeholders. The proposed topics of focus include application of the law to controllers and processors, main establishment and OSS, pseudonymisation, legitimacy (consent, legitimate interest-based processing), further processing for new purposes, “profiling”, risk management, privacy impact assessments, data breach notification, cross-border data transfer mechanisms, demonstrating accountability, privacy seals and certifications, and the new powers, responsibilities and working of DPAs and the EDPB.
Download the project "5 Buckets" focus topics. |
Project Timeline
|
Project White Papers, Written Submissions and Articles
Project Workshops and Webinars
CIPL Working Session on Profiling, Automated Decision-Making and Cross-Border Data Transfers under the GDPR
November 7, 2017 Webinar: Profiling and Automated Decision-Making under the GDPR July 27, 2017 CIPL GDPR Project Senior Leaders Working Session on Smart Data Protection - How Can DPAs Maximise Effectiveness within the Context of Increased Responsibilites and Limited Resources? June 14, 2017Workshop III: GDPR Implementation - Status, Key Challenges and Understanding the Core Principles of Consent, Legitimate Interest and Transparency March 6-7, 2017 Working Session on Seals, Certifications and Codes of Conduct November 8, 2016 Webinar: Understanding Certifications, Seals and Marks under the GDPR October 27, 2016 Workshop II: The Role of the Data Protection Officer (DPO) and Risk and High Risk under the GDPR September 19, 2016 Paris Webinar: The Role of the DPO Under the GDPR June 22, 2016 Webinar: The Role of "Risk" and "High Risk" Under the GDPR May 24, 2016 Workshop I: Towards a Successful and Consistent Implementation of the GDPR March 16, 2016 Amsterdam |
Copyright © 2024 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.
|