GDPR - Guidance from the European Commission | KPMG | IE
Share with your friends

GDPR - Guidance from the European Commission

GDPR - Guidance from the European Commission

Reinforcing the trust and security of consumers and guaranteeing the free flow of personal data.


Also on

On 6 April 2016, the EU agreed a major reform of its data protection framework and adopted the General Data Protection Regulation (GDPR). As the new EU-wide data protection instrument, GDPR seeks to guarantee the free flow of personal data between EU Member States and to reinforce the trust and security of consumers, as Digital Single Market (DSM) fundamentals.
GDPR seeks to enable higher levels of data security, empower market participants, boost competition and modernise administration and public services. Its successful application requires co-operation among all involved in data protection.

The Guidance

Since the adoption of GDPR in May 2016, the Commission has actively engaged with stakeholders to ensure that the importance and scale of the changes introduced by the Regulation are properly communicated. It has dedicated EUR 1.7 million to fund data protection authorities and support awareness training, with a further EUR 2 million available to national authorities for direct business support.

Issued ahead of the GDPR implementation deadline, Guidance from the European Commission:

  • recaps the main innovations and opportunities opened up by the new EU data protection legislation;
  • takes stock of the preparatory work undertaken so far at EU level;
  • outlines what the European Commission, national data protection authorities and national administrations should still do for bringing the preparation to a successful completion; and
  • sets out measures which the Commission intends to take in the coming months.

With preparations progressing at variable speed across EU Member States, the Guidance outlines action required by the Commission, national data protection authorities and national administrations towards a successful completion of preparations.

The Commission expects that the new data protection framework will have a wide-ranging impact and observes that significant adjustments will still be required in some respects. Member States are encouraged to speed up the adoption of national legislation in alignment with the GDPR provisions, and notes that national authorities should be suitably funded and staffed in order `to guarantee their independence and efficiency'.

In Ireland the Data Protection Bill 2018, giving effect to GDPR, has been published. This Bill along with GDPR will create a data protection regime in Ireland which is consistent with the rest of Europe.

The Guidance calls on all actors concerned to intensify efforts towards ensuring the consistent application and interpretation of the new rules across the EU.

A successful preparation should include the following actions:

  • Member States to finalise the set-up of the legal framework at national level.
  • Data protections authorities to ensure that the independent European Data Protection Board is fully operational.
  • Member States to provide the necessary financial and human resources to national data protection authorities.
  • Businesses, public administrations and other organisations processing data to get ready for the application of the new rules.
  • All parties to ensure proper awareness of all parties affected by the new rules, particularly citizens and SMEs

The Commission will continue to actively support all stakeholders ahead of GDPR entering into force on 25 May 2018. Thereafter, it will monitor Member State compliance and continue with multi-stakeholder group engagement, reviewing stakeholder experience in May 2019 and producing an evaluation report expected to be published by May 2020.

Connect with us


Request for proposal