Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

European Commission issues new GDPR guidance

By Kim Gold (US) & Alexis Wilpon (US) on January 24, 2018
Norton Rose Fulbright - Data Protection Report blog
Grand Place in Brussels, Belgium.

The GDPR will come into force exactly four months from Thursday.  In preparation, the European Commission has released a new website with extensive guidance on GDPR implementation, together with a Fact Sheet containing Q&As on the GDPR.  While much of the guidance is already known to privacy professionals, there are new insights as well.

For example, the Commission posted a Communication explaining that it has convened an “Expert Group” (which has already met 13 times) to assist Member States in GDPR implementation. The Communication also describes the “infringement procedure,” which would be implicated should a Member State fail to properly implement the GDPR.  Further, the Commission reported that it is considering updating Convention 108, the only legally binding multilateral instrument in the area of personal data protection.  The new language would reflect that of the GDPR to universally reconcile data protection principles.

The Commission also released a “Next steps” document, which clearly sets out actions to be taken by the European Commission toward Member States, data protection authorities (“DPAs”), and citizens and businesses/organizations processing data through the year 2020.  These steps include monitoring GDPR application, liaising with stakeholders to gather their feedback on GDPR implementation and awareness, and co-financing awareness-raising actions of DPAs.  The document also indicates that the Commission plans to issue a report on the application of the new rules in 2020.

While it is widely understood that the GDPR will be a work in progress for all parties, the Commission has expressed concern regarding newer Member States and small- to medium-sized businesses.  Of particular concern is that not all 28 EU Member States will have had similar GDPR experience and preparation.  However, the Commission has taken steps to combat the imbalance.  The Commission has designated 1.7 million euros to fund DPAs and to train data protection professionals.  It designated an additional two million euros for Member State-level information campaigns for smaller businesses.  It has also planned targeted outreach to small and medium-sized businesses in Member States where there is a larger-scale lack of awareness on GDPR.  The Commission is already planning to organize a one-year-anniversary gathering with subject matter experts, politicians, DPAs, and other stakeholders to evaluate their experiences with implementing the GDPR.

The Commission clearly recognizes that there is a lot to be done in the next four months before the GDPR comes into play.  However, it has made clear that the GDPR will be taken seriously and Member States would be wise to carry out GDPR implementation swiftly and properly.

For more information:

  • Commission guidance
  • Q&As
  • Better rules for European businesses
  • Better data protection rights for European citizens
  • Next Steps
  • Data Protection Reform: a concerted effort
  • Data Protection Reform: ensuring its enforcement
  • Posted in:
    Privacy & Data Security
  • Blog:
    Data Protection Report
  • Organization:
    Norton Rose Fulbright
  • Article: View Original Source

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo