What does this cover?

In response to the pending implementation of the GDPR, the WP29 have released an action plan "designed for 2016" which "aims to draw the priorities for the WP29 in preparing the transition into the new legal framework" with particular focus on the European Data Protection Board (EDPB).

Actions under the plan comprise of:

  1. Setting up the EDPB structure in terms of administration (e.g. IT, human resources, service level agreements and budget);
  2. Issuing guidance for controllers and processors – with regard to certification, the Data protection officer, the new portability right and data protection impact assessments;
  3. Communication around the EDPB/GDPR – this will incorporate an online tool but the overall goal is to ensure that the new EDPB authority has both visibility and identifiability as part of the EU; and
  4. Preparing the one stop shop and the consistency mechanism.

The plan is proposed to be renewed in 2017 at which time new objectives will be set out.

To view the statement, please click here.

What action could be taken to manage risks that may arise from this development?

The ICO as well as WP29 will be issuing guidance over the next 2 years for implementation of the GDPR. As guidance is produced, it will need to be reviewed and implemented by organisations.