8th Annual Data Protection and Privacy Conference
8th Annual Data Protection and Privacy Conference, Speech by Giovanni Buttarelli, Brussels, Belgium
Accountability is a common principle for organisations across many disciplines; the principle embodies that organisations live up to expectations for instance in the delivery of their products and their behaviour towards those they interact with. The General Data Protection Regulation (GDPR) integrates accountability as a principle which requires that organisations put in place appropriate technical and organisational measures and be able to demonstrate what they did and its effectiveness when requested.
Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law. Such measures include: adequate documentation on what personal data are processed, how, to what purpose, how long; documented processes and procedures aiming at tackling data protection issues at an early state when building information systems or responding to a data breach; the presence of a Data Protection Officer that be integrated in the organisation planning and operations etc.
In 2015, in anticipation of the GDPR, the EDPS initiated a project to develop a framework for greater accountability in data processing to be applied to our own organisation, as an institution, a manager of financial resources and people - and a controller.
In addition, we have started to promote the accountability principle through visits to small, medium and large EU bodies to explain the new obligations resulting from the revised legal framework and the implications for EU institutions and the EDPS' work as their supervisory authority.
8th Annual Data Protection and Privacy Conference, Speech by Giovanni Buttarelli, Brussels, Belgium
In the October 2017 edition of the EDPS Newsletter we cover the theme for the 2018 International Conference of Data Protection and Privacy Commissioners, our priorities for the next 12 months, and our ongoing training in preparation for the new Regulation.
Hitting the ground running: How regulators and businesses can really put data protection accountability into practice, keynote speech by Giovanni Buttarelli at European Data Protection Days (EDPD) Conference, Berlin
The May 2017 edition of the EDPS Newsletter covers recently adopted Opinions on data protection and the EU institutions, digital content and the European Travel Information and Authorisation System (ETIAS), as well as many other EDPS activities.
The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.
In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.
The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.