What does this cover?

The EDPS issued two sets of guidelines on data protection (Guidelines) for use by EU institutions.  However, they contain useful guidance for all companies operating within Europe.

The first set of Guidelines concerns 'eCommunications'; a term which covers electronic communications such as text, internet (incl. emails) and telephone. The second set of Guidelines covers 'mobile devices', such as mobile phones and tablets.

Despite being produced in accordance with current data protection rules, the EDPS advise that the Guidelines are similarly applicable to the new data protection requirements of the GDPR.

Indeed they are a good source of guidance on how organisation should seek to ensure that any technology being utilised operates in accordance with the more prescribed obligations of the GDPR, including consulting with the data protection officer, performing a privacy impact assessment and ensuring that privacy by design and privacy by default are incorporated into internal systems.

To view the EDPS Guidelines on mobile devices, please click here.

To view the EDPS Guidelines on eCommunications, please click here.

To view the EDPS press release, please click here.

What action could be taken to manage risks that may arise from this development?

Organisations should continue, or prompty commence their GDPR implementation programmes. These guidelines are very useful in assessing what compliance will entail.