E-VOLUTION OF DATA PROTECTION (IMPLEMENTATION OF DATA PROTECTION REFORM) Developments and Challenges in EU Privacy Law Aspects from a German Perspective CONFERENCE, 7 - 8 September 2017, Tartu, Estonia Brandenburg State Commissioner for Data Protection and Access to Information Stahnsdorfer Damm 77, 14532 Kleinmachnow, GERMANY Tel: +49 33203 356-0, Fax: +49 33203 356-49 E-mail: poststelle@lda.Brandenburg.de Internet: http://www.lda.brandenburg.de
Article 99 GDPR Entry into Force and Application Preparation works to be done until May 25th 2018 when the GDPR will apply: Regulations by national lawmakers 2. Implementation of various new procedures Example: Article 42 GDPR: develop mechanisms for the accreditation of certification bodies draft criteria for certifications LDA Brandenburg
Article 99 GDPR Entry into Force and Application 3. Interpretation and understanding of the GDPR provisions Guidelines by European Data Protection Board – EDPB (Article 70 GDPR) Article 29 Working Party Preliminary “short papers” by the German supervisory authorities LDA Brandenburg
Article 99 GDPR Entry into Force and Application CONCLUSION Nearly impossible for controllers and processors to fully implement the GDPR by May 25th 2018 A second – short – transition period is needed During this second transition period infringements should not automatically lead to sanctions Focus on other regulatory tools, especially on advice LDA Brandenburg
Article 83 GDPR General Conditions for Imposing Administrative Fines GDPR focusses on a consistent and high level protection of personal data which requires equivalent sanctions for infringements in the Member States Options: establish an EU-wide comparability in the level of sanctions develop a joint schedule of fines fix minimum fines Obstacles: economic, social and cultural diversity between member states circumstances of the specific case LDA Brandenburg
Article 83 GDPR General Conditions for Imposing Administrative Fines CONCLUSION Adopt a list with firm penalties is not possible. The equitable application of the GDPR does not demand a complete levelling. Instead: Achieve a system of sanctions taking into account specific circumstances of data controllers and processors specific circumstances of the Member States (e.g.: economic, social, cultural) LDA Brandenburg