European Data Protection Supervisor
25 May 2018 is not only GDPR day.
It is also scheduled to be the day on which a new Regulation (the new 45) governing data processing by the European Institutions, Bodies and Agencies (EUIs), will become applicable, replacing the current Regulation (EC) No. 45/2001.
25 May 2018 will mark an important milestone in the history of data protection with the full application of the new General Data Protection Regulation (GDPR). Together with the Data Protection Directive for police and criminal justice authorities, the GDPR will set the standard for personal data processing for many years to come.
We are approaching the holiday season, a period of excess and over-indulgence followed by doomed resolutions to live more healthily and frugally in the New Year.
Data protection of course has always been about dignity and restraint. It is based on the idea that respect for humans means being careful with what you do with information about them.
In the last few weeks, I have been asked to look beyond the GDPR to imagine future scenarios for regulation of digital rights in the EU and around the world.
Data Protection Officers (DPO) from the EU institutions and bodies met today in London at the 42nd meeting of the Network of DPOs, which was hosted by the European Medicines Agency (EMA).
It is seven years ago now that the 32nd International Conference of Data Protection and Privacy Commissioners met in Jerusalem and adopted its resolution on Privacy by Design.
Henry Kissinger, in one of perhaps the most famous quotes which were never actually uttered by the person to whom they are attributed, is alleged to have complained that when he wanted to telephone the European Union he didn’t know what number to ring. I am often asked for my reflections on the transatlantic relationship under the new administration, and in response I have suggested that indeed it would be helpful to have a nominated points of contact for questions of privacy and data protection law.
I have repeated on many occasions my deep conviction that the GDPR is going to be the keystone of data protection law for a generation.
This generation is going to include the ‘millennials’, digital ‘natives’ who have grown up knowing only connected things, with their social lives and education mediated by touch screens and apps.
In March this year, my respected colleague Ventislav Karadjov, Chairman of the Commission for Personal Data Protection of the Republic of Bulgaria (CPDP) and I announced that we will jointly be hosting the 40th annual International Conference of Data Protection and Privacy Commissioners in October 2018.
The Annual Privacy Forum took place on 7 June 2017. This event, which has been organised by the European Network and Information Security Agency (ENISA) on an annual basis since 2012, and supported by the EDPS, brings together researchers, regulators and business dealing with privacy in the IT services we use on a daily basis.
I had the honour of giving the opening keynote speech and took the opportunity to refer to the recent cyber-attack known on social media as #WannaCry.