27th January 2017

GDPR: Main lines of Working Party 29 2017 Action Plan

On January 16, 2017, the Article 29 Working Party (“Working Party”) published further information about its Action Plan for 2017, which sets forth the Working Party’s priorities and objectives in the context of implementation of the EU General Data Protection Regulation (“GDPR”) for the year ahead. The Action Plan closely follows earlier GDPR guidance relating to Data Portability, the appointment of Data Protection Officers and the concept of the Lead Supervisory Authority, which were published together by the Working Party on December 13, 2016. Source.

The main lines of the 2017 Action Plan:
1. Follow-up on 2016 topics
In its 2017 Action Plan, the WP29 has committed to finalize its work on topics undertaken in 2016 including guidelines on certification and processing likely to result in a high risk and Data Protection Impact Assessments (DPIA), administrative fines, the setting up the European Data Protection Board (EDPB) structure in terms of administration (e.g. IT, human resources, service level agreements and budget) and the preparation of the one stop shop and the EDPB consistency mechanism.

2. New 2017 Priorities
In the 2017 Action Plan the WP29 has also engaged to start its work with the production of guidelines on the topics of consent and profiling and continue in the second semester of 2017 with the production of guidelines on the issue of transparency. At the same time, the WP29 will work on the update of already existing opinions and referentials on data transfers to third countries and data breach notifications. The WP29 wishes to once again consult the relevant stakeholders (e.g.: business and civil society representatives).Therefore, a second Fablab will take place on April 5 and 6, 2017 at which interested stakeholders will be invited to present their views and comments on the new 2017 priorities. Moreover, relevant public consultations may be launched at a national level by DPAs. In a continuing effort to build stronger bridges with the international data protection community, the WP29 will organize an interactive workshop on May 18 and 19, 2017, where non-EU counterparts will be invited to exchange views on the GDPR and its implementation by the WP29.

This new action plan will be reviewed periodically and will be complemented in 2018.

Read full press release. Details in Czech are available here.

Members of the American Chamber of Commerce in the Czech Republic