On 13 October 2017, Data Protection Officers (DPOs) from the EU institutions and bodies met in London for the 42nd meeting of the Network of DPOs, hosted by the European Medicines Agency (EMA).
The event was an excellent opportunity for us to meet with DPOs, our data protection partners, and to exchange practical experiences, continuing our preparation towards the implementation of the revised rules on data protection for the EU institutions and bodies.
One of the topics of discussion was the revised role of DPOs in ensuring compliance with the Regulation. We also discussed the principle of accountability, which requires EU institutions and bodies to ensure, verify and demonstrate compliance, as well as Data Protection Impact Assessments (DPIAs), following up on the EDPS’ practical guidance on how to document the new obligation of a DPIA in practice.
The EDPS IT Policy sector completed the meeting with a session on data breach notifications. Under the new Regulation, the obligation to notify personal data breaches to the supervisory authority and to inform the individuals concerned will also apply to EU institutions and bodies. We discussed possible procedures with the DPOs, and presented our draft guidance on the topic, which was recently submitted to the Article 29 Working Party for consultation.
The meeting in London was a challenging but productive exercise for DPOs, encouraging them to think ahead and exchange views on their institutional needs and concrete actions for demonstrating compliance.