The Article 29 Working Party published in mid January the new set of priorities for providing GDPR guidance for 2017. This happened after WP29 published in December three sets of much awaited Guidelines on the application of the GDPR: on Data Protection Officers, on the right to data portability and on identifying the lead supervisory authority (pdpEcho intends to provide a closer look to all of them in following weeks). So what are the new priorities?
First of all, WP29 committed to finalise what was started in 2016 and was not adopted/finalised by the end of the year:
- Guidelines on the certification mechanism;
- Guidelines on processing likely to result in a high risk and Data Protection Impact Assessments;
- Guidance on administrative fines;
- Setting up admin details of the European Data Protection Board (e.g. IT, human resources, service level agreements and budget);
- Preparing the one-stop-shop and the EDPB consistency mechanism
Secondly, WP29 engaged to start assessments and provide guidance for.
- Consent;
- Profiling;
- Transparency.
Lastly, in order to take into account the changes brought by the GDPR, WP29 intends to update the already existing guidance on:
- International data transfers;
- Data breach notifications.
If you want to be a part of the process, there are good news. WP29 wants to organise another FabLab on April 5 and 6 on the new priorities for 2017, where “interested stakeholders will be invited to present their views and comments”. For more details, regularly check this link.
It seems we’re going to have a busy year.
pdpEcho 