Europe is today celebrating Data Protection Day, with this year's celebrations coinciding with the recent political agreement for the finalised text of the new General Data Protection Regulation (GDPR) (for further information – see our earlier blog post). One of the many events organised across Europe in conjunction with Data Protection Day was the National Data Protection Conference, which took place over the course of yesterday and today.
Mark Rasdale (IP & Technology Group) was one of the key speakers at this morning's session. His presentation focused on the significant changes in the GDPR, including increased consistency in the application of the rules, the evolution of the status of controllers and processors, stronger enforcement mechanisms and the new tests assessing when national law is applicable.
Commissioner Helen Dixon also addressed the conference, delivering an update on many of the practical matters facing the Office of the Data Protection Commissioner (ODPC). She outlined the priorities of her office in 2016, detailing many of the changes on the horizon. The ODPC itself will be moving into a new premises in Dublin City Centre, which will house the increased numbers of full-time staff which the Commissioner is aiming to recruit over the coming year, including additional legal staff and technical specialists. The ODPC is beginning a process to overhaul the website and streamline the guidance issued by the ODPC, with a view to ensuring that ODPC guidance will be specific and practical. It appears that the ODPC practice of sectoral-based audits will continue, with an audit into the insurance sector anticipated for 2016, partially in response to the rise in tracking devices used in vehicles by insurers.
Claire Morrissey (IP & Technology Group) also took part in today's Expert Panel Discussion at this morning's session with Commissioner Dixon, Seamus Carroll of the Department of Justice and Lanre Oluwatona of the Association of Data Protection Officers. She offered tips on how to prepare for the arrival of the GDPR, saying that organisations should start by getting familiar with their existing data processing and policies, so that they will be aware the particular activities which will need to be updated, to ensure compliance when the new laws come into force.
The first day of the National Data Protection Conference focused on hands-on training, which was delivered within a number of interactive workshops. Claire, together with Andrea Lawler (IP & Technology Group), delivered an informative workshop entitled 'GDPR Essentials – Preparing for the new legal framework for the collection, use and sharing of personal information'. This workshop offered data protection officers, organisations and legal counsel a valuable guide to begin preparing for the new obligations which will come into force in 2018.
Data Protection Day is just the beginning of what promises to be an eventful year in this area. 2015 closed with consideration being given to the invalidation of the Safe Harbour regime by the CJEU inSchrems. Commissioner Dixon today promised that the Article 29 Working Party's considered response to this decision, including an analysis of the 'alternative legal mechanisms' such as model contracts or binding corporate rules, is to be published imminently. With boosted resources and renewed commitment, 2016 looks to be another significant year in the realm of data protection law.