On 16 March 2016, CIPL and the Dutch Ministry of Security and Justice co-hosted a workshop in Amsterdam entitled “Towards a Successful and Consistent Implementation of the GDPR”. The workshop kick-started the special CIPL project on the consistent interpretation and implementation of the EU GDPR.
The main objective of the workshop was to initiate an open and constructive dialogue between industry members, regulators, and policymakers on two topics, namely, “Data Privacy Programmatic Management” and “Individual Rights”.
In this report, we discuss the eleven key themes explored during the workshop:
- Ongoing, high-level, and open engagement between industry, regulators and policy-makers is essential to ensure the consistent implementation and interpretation of the GDPR;
- The Article 29 Working Party and the European Commission will hold several meetings over the next two years which will provide suitable forums for stakeholder involvement;
- Successful GDPR implementation and interpretation will also depend on various considerations, such as taking into account the aims of the European strategy on the Digital Single Market, devising “future-proof” and technologically neutral guidance, ensuring a harmonised European approach (as far as possible), and considering overlapping European laws (e.g. competition law);
- The centrality of “accountability” in the GDPR and the importance of incentivising companies to adopt and develop accountability tools;
- How “smart” data protection regulation may enable European data protection authorities to discharge their GDPR roles more effectively;
- The importance of clarifying various functional and organisational aspects of the data protection officer role;
- The need to develop harmonised understandings of “risk” and “high risk”, and agree on risk assessment approaches and methodologies that consider not only the risk but also the benefits of data processing;
- Codes of conduct, certifications, seals and binding corporate rules can be effective compliance and accountability tools if, for example, we incentivise their development and ensure that they work at the “programmatic” rather than product level;
- Implementing and interpreting the rights to data portability, to erasure and to object raises various problems, such as the interactions between data portability and other legal areas (e.g. competition law), which need to be resolved;
- The GDPR transparency provisions should be implemented and interpreted in order to minimise any tension which exists between these provisions and the GDPR provisions on detailed notice. Relatedly, we need to carefully consider whether icons are suitable transparency tools; and
- The GDPR will raise specific challenges for start-ups and small and medium-sized enterprises which need to be addressed head-on, for example, by involving these organisations in the stakeholder engagement process.