The European Commission (EC) recently issued online guidance on the General Data Protection Regulation (GDPR), a sweeping European Union (EU) data protection legislation that will take effect on May 25, 2018. The guidance is intended to be used as a tool to help businesses as well as the EC, national data protection authorities, EU Member States, and other national administrations prepare for the GDPR. To date, only 2 EU Member States – Germany and Austria – have adopted the relevant national legislation to be in compliance with GDPR.
The guidance provides an analysis of the application of the GDPR’s obligations, individuals’ requests, and enforcement as it pertains to businesses and organizations. It also provides a separate overview of how the GDPR addresses the rights for citizens. Finally, the guidance provides several GDPR-related resources and a detailed background on the GDPR generally, as well as a more in-depth look into data privacy concepts such as the definition of personal data, the scope of data processing, and the role of Data Protection Authorities.
In a press release issued on January 24, 2018, the EC stated that “[t]he Commission wants to ensure that all actors – EU governments, national data protection authorities, companies and citizens – are ready for its entry into force on 25 May 2018” and that the GDPR “requires significant adjustments in certain aspects, like amending existing laws by EU governments or setting up the European Data Protection Board by data protection authorities to make them work smoothly in practice.”