As the General Data Protection Regulation (GDPR) is being introduced in May 2018, the EU's Article 29 Working Party, a group made up of the EU Data Protection Authorities, has published a GDPR action plan for 2017. The 2017 Action Plan outlines its key deliverables and objectives for the next 12 months which will assist businesses in preparing for GDPR's implementation next year. These deliverables include completion of its work in 2016 along with new 2017 priorities.
The main features of the 2017 Action Plan are:
- Finalising 2016 work – It has pledged to complete its work on topics initiated in 2016 including: (i) guidelines on certification and data protection impact assessments; (ii) administrative fines; (iii) the setting up the European Data Protection Board administrative structure; and (iv) the preparation of the "one-stop shop" consistency mechanism.
- 2017 actions – It will build on its 2016 work by producing further guidelines on the topics of consent, profiling and transparency. It also plans to look at already existing opinions on data transfers to third countries (non-EEA) and data breach notifications to explore the possible updating of these opinions.
In addition, there will be more consultative events held in 2017:
- The second small scale workshop consisting of interested parties will take place on 5 and 6 April 2017;
- There may be further guidelines issued by national Data Protection Authorities (the Irish Data Protection Commissioner published its own first set of GDPR guidelines in 2016); and
- A workshop between the Article 29 Working Party and its international counterparts will also be held in order to discuss their views on the GDPR.
The publication of this 2017 Action Plan will be welcomed by many organisations as businesses prepare for 'GDPR Readiness' in 2017.