The adoption and enforcement of the GDPR on 25 of May last year made 2018 a landmark year for data protection. In addition to revising and updating data protection rules, the GDPR also established a new body to overlook and ensure consistent application of the rules throughout the EU/EEA. This new body, called the European Data Protection Board (EDPB), replaced the Article 29 Working Party, who was active under the previous Directive.
The EDPB is composed of representatives of the national Data Protection Authorities and the European Data Protection Supervisor (EDPS). The body has been awarded many tasks under the GDPR, but its focus areas consists of providing general guidance to clarify the law, issuing Consistency Opinions or Decisions to guarantee a consistent application of the GDPR and advising the EU Commission on any issue related to data protection and legislation.
On 16 July this year, the EDPB took stock of its data protection work thus far through issuing its first annual report. Even though the EDPB has existed a little under a year, the report covers several milestones reached by the body and takes stock of EDPB’s work and activities in 2018. These activities included the following:
- Endorsement of 16 GDPR related guidelines established by the former Article 29 Working Party
- Adoption of four additional guidelines, including guidelines on the territorial scope of the GDPR and international transfers.
- Adoption of 26 Consistency Opinions under article 64 of the GDPR regarding the national supervisory authorities’ obligation to request an opinion by the EDPB in a number of situations, including by the adoption of a list of the processing operations subject to the requirement for a data protection impact assessment.
- Consultation of stakeholders and ensuring transparency with regard to the EDPB’s work to ensure a high degree of harmonization in the application of the GDPR rules.
- Strengthening the cooperation between national supervisory authorities.
- Holding five plenary meetings addressing a range of topics, from the EU-Japan draft adequacy decision to electronic evidence and ePrivacy.
The work of the EDPB is however just getting started. The upcoming years hold new challenges, and the short-lived body started 2019 by adopting its working program for the next couple of years (2019-2020). The work program describes the EDPB’s intention to follow up the needs identified by EU/EEA member states, stakeholders and the EU legislator. Up until now, the focus has been on interpretation of the new provisions introduced by the GDPR. The EDPB will continue this work through adopting more guidelines, but will also aim to increase focus on other areas, such as specific items and technologies.
Read the EDPB annual report 2018 here and the EDPB work program here.