European Commission Communication – GDPR
On the 24th of July 2019 the European Commission published the Communication to the European Parliament and the Council “Data protection rules as a trust-enabler in the EU and beyond – taking stock” on how the General Regulation for Data Protection was implemented and the effects of its implementation in the European Union states.
As the content of the Communication presents, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, adopted by the European Parliament and the Council on the 27th of April 2016, applies across the European Union since over one year.
Data protection has become a truly global phenomenon as people around the world increasingly cherish and value the protection and security of their data.
The European Commission highlights that is determined to lead the EU to a successful implementation of the new data protection regime and to support all aspects of it becoming fully operational.
Also in this context, the European Commission states that, even though the Regulation has broadened the scope of the powers of data protection authorities, the data protection authorities have adopted a balanced approach to enforcement powers in the first year of application of the Regulation. They have focused on dialogue rather than sanctions, in particular for the smallest controllers which do not process personal data as a core activity.
In the same time, the European Commission mentions that the national supervisory authorities did not shy away from imposing administrative when they ascertain the infringement of General Data Protection Regulation provisions. However, the success of the Regulation should not be measured by the number of fines imposed, but by changes in the culture and behaviour of all actors involved.
Also, the European Commission emphasizes that the activity of the data protection authorities has been intensified in the European Data Protection Board, by adopting around 20 guidelines on key aspects of the General Data Protection Regulation.
Another key objective of the Regulation was to strengthen individuals’ rights. After one year of application of the Regulation, is was found that data subjects are more informed about their rights pursuant to this Regulation and on how to exercise them.
Therefore, on the basis of information available to date and the dialogue with stakeholders, the European Commission’s preliminary assessment is that the first year of application of the Regulation has been overall positive, even though further progress is necessary in a number of areas.
The text in English is available at: https://ec.europa.eu/commission/sites/beta-political/files/communication_from_the_commission_to_the_european_parliament_and_the_council.pdf
Legal and Communication Department
ANSPDCP