In something of a massive data dump, the EU’s Article 29 Working Party emerged from its December plenary meeting with a number of GDPR application guidance documents, including explanations for the mandatory DPO role, the mechanisms for data portability, how a “lead authority” to lead the one-stop shop enforcement mechanism will be established, and some notes on enforcement and the EU-U.S. Privacy Shield. The WP29 welcomes comments on the guidance from stakeholders through January 2017, so there is some possibility their collective minds will be changed. Feedback can be directed to email@example.com and firstname.lastname@example.org. It is a lot to consume, and the IAPP will provide further analysis and reaction in the coming days, but here are the guidance highlights as put together by IAPP Research Director Rita Heimes, CIPP/US and IAPP Publications Director Sam Pfeifle for Privacy Tracker.
If you want to comment on this post, you need to login.