On 25 May, 2018, the General Data Protection Regulation (“GDPR”) will become applicable, bringing significant changes to data protection rules across the European Economic Area (EEA). With the adoption of the GDPR, the EU recognizes the importance of harmonizing European data protection laws, in order to facilitate cross-border commerce.
There is significant activity at the EU and Member State level, including rulemaking (the GDPR requires implementation and allows Member States to legislate on specific issues), issuing of guidance, and adopting codes of conduct and certification schemes.
AmCham EU’s members take GDPR compliance seriously, and are now working to implement the upcoming rules. In that context, AmCham EU has developed the following recommendations for data protection authorities (DPAs), the European Data Protection Board (EDPB), and Member States to consider as they develop guidance and policies on the GDPR.
Our recommendations address seven specific aspects of the GDPR with the aim of ensuring a uniform and balanced application across Europe: (i) the one-stop shop; (ii) high-risk processing / data protection impact assessments (DPIAs); (iii) personal data breaches and notification; (iv) approved codes of conduct and certification; (v) data portability; (vi) sanctions; and (vii) data protection officers (DPOs).