In just over a week, the GDPR will finally be in full force. The deadline was a good reason for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs to host a joint session with representatives of the national parliaments of the EU Member States. In four sessions, the data protection reform was discussed, focusing on institutional matters, consequences for the private sector (and SMEs in particular), the role of technological innovation and finally, the police and justice directive. Nymity’s Paul Breitbarth, Director of Strategic Research and Regulator Outreach, was invited to speak as one of the few business representatives in the panel on technological innovation.
Both members of the European Parliament and of the national parliament stated that they were currently being inundated with messages from constituents asking how to deal with provisions of the GDPR. Especially in recent weeks, the interest for the Regulation (which some even described as ‘panic’) has substantially increased. Still, as the Chair of the Article 29 Working Party, Andrea Jelinek, put it, the GDPR “doesn’t suddenly come from the heavens”. It builds on existing rules and a grace period has been in force for over two years. Nevertheless, from interventions during all the panels it was clear that almost everyone understands that GDPR compliance requires quite some work.
The situation of SMEs was extensively debated. Many national parliamentarians, supported by the industry representatives, indicated that the GDPR is not fit for SMEs. The call was not so much to have more exceptions in place, but to have a workable law for everyone, with proportionate burdens for all. No-one however seems willing to start revising the GDPR before it enters into full application or immediately thereafter, also bearing in mind that the draft ePrivacy Regulation is still on the negotiating table.
Nymity’s contribution to the debate concentrated around our recent innovations for organisations struggling with their processing activities register and data protection impact assessments (DPIAs). Paul Breitbarth explained to the Parliament, “Our research division monitors on a daily basis legislative developments, regulator guidance and enforcement decisions, case law and industry position papers. This allows us to compile databases of do’s and dont’s that our subscribers can benefit from. Combine this with expert systems, and the privacy office can not only delegate part of the data protection compliance program to their colleagues on the work floor, they can even steer them in the right direction without the need for extensive training programs on the requirements of the law.”
Paul went on to explain the methodologies behind Nymity ExpertPIA™, where most of our GDPR related technological innovations were first implemented, “Especially in the past year, we have been able to develop quite a number of new methodologies to support compliance, including an accountability and privacy by design driven way to complete a data protection impact assessment. For every processing operation in their register, organisations are asked to identify the technical and organisational measures they are using to protect the personal data under their control. This forces project owners to start thinking about data protection early on, thus embedding the privacy by design principle. The process also makes it easier to tell the data protection story behind the project.”
The recording of the Interparliamentary Committee Meeting (including full translation into all EU languages) is available here:
To learn more about Nymity ExpertPIA™, visit: https://www.nymity.com/solutions/expertpia/