As the General Data Protection Regulation is close to adoption, the Article 29 Working Party must develop guidelines, tools and procedures to allow the new legal framework to be effective for the first semester of 2018. Therefore, the action plan designed for 2016 aims to draw the priorities for the Article 29 Working Party in preparing the transition into the new legal framework, in particular the European Data Protection Board.
The Article 29 Working Party (hereinafter, “WP29”), on February 2, 2016, adopted a Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (hereinafter, “GDPR”).
A new governance model is on its way, giving a higher role to the national Data Protection Authorities. It is a distributed governance model built on three pillars: national data protection authorities, enhanced co-‐operation between them and the creation of the European Data Protection Board (hereinafter, “EDPB”). The WP29 wants to anticipate this new organization as far as it is possible.
The plan is based on 4 priorities:
- setting up the EDPB structure in terms of administration (e.g. IT, human resources and budget);
- preparing the one stop shop and the consistency mechanism;
- issuing guidance for controllers and processors to get prepared for the entry into force of the GDPR;
- communication around the EDPB/GDPR.
This action plan will be reviewed periodically and will be complemented in 2017 with new objectives and deliverables. The WP29 will consult regularly – and where appropriate – the relevant stakeholders
(e.g. business representatives and civil society representatives), in order to exchange views on the implementation of the GPDR.