On January 16, 2017, the Article 29 Working Party (“Working Party”) published further information about its Action Plan for 2017, which sets forth the Working Party’s priorities and objectives in the context of implementation of the EU General Data Protection Regulation (“GDPR”) for the year ahead. The Action Plan closely follows earlier GDPR guidance relating to Data Portability, the appointment of Data Protection Officers and the concept of the Lead Supervisory Authority, which were published together by the Working Party on December 13, 2016.
The 2017 Action Plan includes the following key elements:
- Completion of 2016 Work. The Working Party will finalize its work, begun in 2016, in relation to (1) certification mechanisms, (2) high-risk processing, (3) Data Protection Impact Assessments, (4) administrative fines, (5) the implementation of the European Data Protection Board and (6) the implementation of the one-stop-shop and the consistency mechanisms.
- New 2017 Priorities. The Working Party intends to publish guidelines on the following GDPR topics in 2017: (1) consent and profiling and (2) transparency. In addition, the Working Party also intends to update its existing referentials and opinions that relate to (1) data transfers to third countries and (2) data breach notification.
In connection with its 2017 Action Plan, the Working Party will hold another “FabLab” on April 5 and 6, 2017, where relevant stakeholders will be invited to present their views on the Working Party’s areas of focus for 2017. The Working Party’s press release also indicates that national Data Protection Authorities may launch public consultations on relevant topics during 2017. Finally, the press release indicates that on May 18 and 19, 2017, the Working Party will organize an interactive workshop where the Working Party’s international counterparts will have the opportunity to discuss GDPR implementation issues. This 2017 Action Plan will be reviewed and updated by the Working Party periodically, and will be extended into 2018.