Privacy & Information Security Law Blog

On February 11, 2016, the Article 29 Working Party (the “Working Party”) issued a statement on the 2016 action plan for the implementation of the EU General Data Protection Regulation (the “Regulation”). The action plan outlines the priorities for the Working Party in light of the transition to a new legal framework in Europe and the introduction of the European Data Protection Board (the “EDPB”). Accompanying the statement is a document, Work Program 2016-2018, detailing the tasks of the Working Party’s subgroups during the transitional period between the adoption of the Regulation and its implementation.

Action Plan Based on Four Priorities

The 2016 action plan sets out four priorities for the Working Party:

• Setting up the EDPB structure and its administration. The Working Party will work together with the European Data Protection Supervisor on establishing human resources, a budget and future procedures of the EDPB. In addition, the development of IT systems for the EDPB will be a crucial step in the context of the One-Stop-Shop, according to the Working Party.
• Preparing the One-Stop-Shop and the consistency mechanism. To help prepare for the One-Stop-Shop, the Working Party recognizes in the action plan that development is necessary in several areas, such as the designation of a lead DPA, enforcement cooperation and the EDPB consistency mechanism.
• Issuing guidance for data controllers and processors. The Working Party will provide guidance to assist data controllers and processors in their preparation for the Regulation, specifically on topics such as the new right to portability, the notions of “high risk” and “Data Protection Impact Assessment,” and data protection officers.
• Communication around the EDPB and the Regulation. An important task of the 2016 action plan will be to provide visibility to the EDPB by creating an online communication tool, as well as strengthening the relationships between the EU institutions and participating in external events to promote the new governance model.

Work Program of the Working Party Subgroups

The subgroups of the Working Party will continue their work, taking into account the transitional period before the implementation of the Regulation, and anticipating, to the extent possible, the application of this new legal framework. Among these tasks, the International Transfers subgroup will continue analyzing the impact of the ruling of the Court of Justice of the European Union in the Schrems case, invalidating the Safe Harbor framework, has on other international data transfer mechanisms (i.e., Standard Contractual Clauses and Binding Corporate Rules). In addition, the subgroup will examine and deliver an opinion on the EU-U.S. Privacy Shield once it has been released, and will also analyze the impact of the Regulation on existing international data transfers mechanisms. The Key Provisions subgroup will analyze the need to update existing opinions of the Working Party and will work on the interpretation of key concepts of the Regulation.

The 2016 action plan will be reviewed periodically and complemented in 2017. Read the full Work Program 2016-2018 for more details on the tasks of each of the eight Working Party’s subgroups.