October 5, 2016

The Role of the Data Protection Officer (DPO) and Risk and High Risk under the GDPR

In September, we held our second GDPR Workshop in Paris as part of our two-year GDPR Implementation Project. The purpose of the project is to provide a forum for stakeholders to promote EU-wide consistency in implementing the GDPR, encourage forward-thinking and future-proof interpretations of key GDPR provisions, develop and share relevant best practices, and foster a culture of trust and collaboration between regulators and industry.

Since the inaugural workshop in March 2016 in Amsterdam, participation in the project has grown significantly. The workshop was attended by almost 120 delegates from businesses, 12 data protection authorities, four EU Member State governments, the EU Commission and the European Data Protection Supervisor, a non-DPA regulator, several academics and the IAPP.

The Paris workshop focused on two key areas under the GDPR: the role of the data protection officer and the risk-based approach in the application of the GDPR (i.e., in connection with data protection impact assessments). Both reflect key priorities of the Article 29 Working Party for developing its own GDPR implementation guidance, as well as the high importance of these two areas for the industry. Additional topics will be covered in future phases of the CIPL project.

Overall, the discussions of the day were a productive mix of a reality check, a wake-up call and encouragement.

Particularly promising were instances of emerging consensus around several key implementation questions. While the discussions illustrated how many provisions under the GDPR remain unclear and how much work is left to be done before the quickly approaching implementation deadline, it was reassuring that no one seemed to be slow-pedaling their respective implementation responsibilities. Instead, we saw concentrated energy and commitment from all sides. There was a sense of shared responsibility for the successful and timely implementation of the GDPR between industry, DPAs, national governments and the EU Commission. Finally, it was also recognized that the lines of communication between regulators, industry and other stakeholders should stay open to ensure the best outcome for everybody.

This report outlines the findings from this second GDPR workshop.
