Privacy & Information Security Law Blog

On March 16, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP will co-host a one-day workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off a new long-term CIPL project on the implementation of the EU General Data Protection Regulation (“GDPR”).

Under the title “Towards a Successful and Consistent Implementation of the GDPR,” the workshop will focus on GDPR issues that require further interpretation and guidance. More than 100 participants from numerous EU data protection authorities, the European Data Protection Supervisor, the European Commission, several government ministries, EU and U.S. businesses, as well as from academia and other organizations, will participate in the workshop.

The project aims to address the need for a constructive and expert dialogue between industry, regulators and key policymakers with the following specific objectives:

• facilitating consistency in the interpretation of the GDPR across the EU;
• informing and advancing constructive and forward-thinking interpretations of key GDPR requirements;
• facilitating consistency in the further implementation of the GDPR by EU Member States, the European Commission and the European Data Protection Board;
• examining best practices and challenges in the implementation of the key GDPR requirements;
• sharing industry experiences and views to benchmark, coordinate and streamline the implementation of new compliance measures; and
• examining how the new GDPR requirements should be interpreted and implemented to advance the European Digital Single Market strategy and data-driven innovation, while protecting the privacy of individuals and respecting the fundamental right to data protection.

According to Bojana Bellamy, the President of CIPL, “the GDPR signifies a new era in data privacy law and practice and will be a driver of significant change for all stakeholders – businesses, government bodies and DPAs.” Bellamy emphasized that “[n]ow is the time for organizations to begin their efforts to assess the impact of the new GDPR requirements, devise strategies for implementation, and to put into place company-wide change management programs. The Regulation leaves a significant margin for maneuver to the Member States, the Commission, and the new European Data Protection Board. It is essential that there be active and constructive engagement between the industry and data protection regulators and policymakers, to ensure consistent interpretation and implementation of the new rules as well as the success of the GDPR generally. Our project hopes to provide a forum for this engagement throughout the two-year implementation phase.”

The two-year project will consist of and result in a number of workshops, webinars, white papers and other relevant events and materials. The focus topics of the first workshop in Amsterdam will be (1) data privacy programmatic management, including the elements of accountability, the role of the data protection officer, assessing risk in the context of privacy impact assessments, privacy by design and breach notifications, demonstrating accountability externally, binding corporate rules, privacy seals and certifications and codes of conduct, and harmonization and consistent implementation; and (2) individual rights, including data portability, data erasure, right to object, and transparency to individuals.