19th January 2017

AmCham EU's recommendations on the implementation of GDPR

On 25 May, 2018, the General Data Protection Regulation (“GDPR”) will become applicable, bringing significant changes to data protection rules across the European Economic Area (EEA). With the adoption of the GDPR, the EU recognizes the importance of harmonizing European data protection laws in order to facilitate cross-border commerce.

There is significant activity at the EU and Member State level, including rulemaking (the GDPR requires implementation and allows Member States to legislate on specific issues), issuing of guidance, and adopting codes of conduct and certification schemes.

AmCham EU’s members take GDPR compliance seriously, and are now working to implement the upcoming rules. In that context, AmCham EU has developed the following recommendations for data protection authorities (DPAs), the European Data Protection Board (EDPB), and Member States to consider as they develop guidance and policies on the GDPR.

Our recommendations address seven specific aspects of the GDPR with the aim of ensuring a uniform and balanced application across Europe: (i) the one-stop shop; (ii) high-risk processing / data protection impact assessments (DPIAs); (iii) personal data breaches and notification; (iv) approved codes of conduct and certification; (v) data portability; (vi) sanctions; and (vii) data protection officers (DPOs).
