Ahead of the entry into force of the General Data Protection Regulation (GDPR) on 25 May 2018, the EC has published practical guidelines.
The guidelines look at the practical benefits and opportunities provided by the regulation, as well as the progress achieved in the preparatory work up until now and what the next steps will be.
In these guidelines, the Commission urges the Member States to speed up the process of GDPR implementation, as currently only Germany and Austria had taken the measures necessary to comply with the new data protection rules. Situation in other Member States varies: In Spain, a draft of law was submitted to Parliament last November and in France, in January. In Denmark, the legislative process is expected to come to an end in March 2018 at the latest. Delays have also been identified in Italy. In addition, the Commission calls on the Member States to make a necessary investment into national Data Protection Authorities, as insufficient resources might jeopardise their function, and as a result, GDPR implementation.
The Commission will continue its support to the Member States and other stakeholders to ensure smooth and harmonized GDPR implementation. In addition to the budget allocated to the funding of data protection authorities (EUR 1.7 million) a further EUR 2 million will support national authorities in awareness raising initiatives on GDPR (starting from mid-2018) with a particular focus in SMEs.
The GDPR, adopted in April 2016, will enter into force on 25 May 2018. The Regulation contains general principles and rules to apply when entities in the private or public sector process personal data (e.g. conditions for lawful data processing, obligations and rights deriving from data processing and safeguards).