EVOLUTION OF DATA PROTECTION IMPLEMENTATION OF DATA PROTECTION
- Slides: 6
E-VOLUTION OF DATA PROTECTION (IMPLEMENTATION OF DATA PROTECTION REFORM) Developments and Challenges in EU Privacy Law Aspects from a German Perspective CONFERENCE, 7 - 8 September 2017, Tartu, Estonia Brandenburg State Commissioner for Data Protection and Access to Information Stahnsdorfer Damm 77, 14532 Kleinmachnow, GERMANY Tel: +49 33203 356 -0, Fax: +49 33203 356 -49 E-mail: poststelle@lda. Brandenburg. de Internet: http: //www. lda. brandenburg. de
Article 99 GDPR Entry into Force and Application Preparation works to be done until May 25 th 2018 when the GDPR will apply: 1. Regulations by national lawmakers 2. Implementation of various new procedures Example: Article 42 GDPR: • develop mechanisms for the accreditation of certification bodies • draft criteria for certifications LDA Brandenburg 2
Article 99 GDPR Entry into Force and Application 3. Interpretation and understanding of the GDPR provisions • Guidelines by o European Data Protection Board – EDPB (Article 70 GDPR) o Article 29 Working Party • Preliminary “short papers” by the German supervisory authorities LDA Brandenburg 3
Article 99 GDPR Entry into Force and Application CONCLUSION • Nearly impossible for controllers and processors to fully implement the GDPR by May 25 th 2018 • A second – short – transition period is needed • During this second transition period infringements should not automatically lead to sanctions • Focus on other regulatory tools, especially on advice LDA Brandenburg 4
Article 83 GDPR General Conditions for Imposing Administrative Fines GDPR focusses on a consistent and high level protection of personal data which requires equivalent sanctions for infringements in the Member States • Options: o establish an EU-wide comparability in the level of sanctions o develop a joint schedule of fines o fix minimum fines • Obstacles: o economic, social and cultural diversity between member states o circumstances of the specific case LDA Brandenburg 5
Article 83 GDPR General Conditions for Imposing Administrative Fines CONCLUSION • Adopt a list with firm penalties is not possible. • The equitable application of the GDPR does not demand a complete levelling. • Instead: Achieve a system of sanctions taking into account o specific circumstances of data controllers and processors o specific circumstances of the Member States (e. g. : economic, social, cultural) LDA Brandenburg 6