13 Feb 2017

Position Paper - DIGITALEUROPE’s response to the European Commission’s questionnaire on the General Data Protection Regulation

Position Paper - DIGITALEUROPE’s response to the European Commission’s questionnaire on the General Data Protection Regulation

EXECUTIVE SUMMARY

DIGITALEUROPE, the voice of the digital technology industry in Europe, welcomes the opportunity to respond to the European Commission’s questionnaire on the implementation of the General Data Protection Regulation (“GDPR”) by industry. DIGITALEUROPE believes that the effective implementation of the GDPR will require a joint effort between all stakeholders built on mutual trust. We therefore welcome the initiative of the European Commission to seek feedback from industry on how companies are preparing for GDPR compliance coupled with the hosting of a meeting with industry stakeholders in December 2016 with the intention of continuing the dialogue throughout the implementation process.

As DIGITALEUROPE has referenced in its feedback to the first round of the Article 29 Working Party’s (“WP29”) draft guidelines, we believe the main objective of all interactions between industry and the European Commission and the WP29 should be to achieve legal certainty so that data controllers and data processors of all sizes across the EU clearly understand how their GDPR compliance regimes should be structured. We believe this questionnaire is a positive step in allowing the European Commission to understand that multiple challenges exist across the various business models of DIGITALEUROPE members, particularly when it comes to designing a GDPR compliant personal data governance regime for company-wide systems that need to be used globally. In our response, DIGITALEUROPE has specifically called out the following challenges that are faced by members:

1. Necessity of external counsel – Members have been obliged to maintain expensive external counsel. This costly exercise is the opposite of the ‘cost cutting’ envisaged by the European Commission under the GDPR

2. Lack of DPA engagement – Members seeking DPA engagement/interaction have been met with an overall lack of responsiveness including explicit references to ‘no meetings with industry’ policies of DPAs

3. Standardised icons – Members strongly caution the European Commission against adopting delegated acts to produce standardised icons aimed at summarising a company’s compliance with the GDPR

4. Controller and processor relationship – Members have begun adding new elements to their contracts and note that negotiations around liability have become incredibly complex

5. Data breach notification – Members have warned that they will likely inform DPAs of breaches more frequently than is required/envisaged in the GDPR out of abundance of caution due to potential high sanctions

6. Obtaining consent – Members and enterprise customers who are processing based on consent are struggling to find effective ways to obtain consent for different processing by the same data controller

Back to Data privacy
View the complete Policy Paper
PDF
Our resources on Data privacy
Policy Paper 17 Sep 2020
DIGITALEUROPE response to the European Data Protection Board’s consultation on the Guidelines 6/2020 on the interplay of the PSD2 and the GDPR
Policy Paper 31 Aug 2020
An early analysis of Schrems II – key questions and possible ways forward
Policy Paper 10 Jun 2020
Two years of GDPR: A report from the digital industry
Hit enter to search or ESC to close
This website uses cookies
We use cookies and similar techonologies to adjust your preferences, analyze traffic and measure the effectiveness of campaigns. You consent to the use of our cookies by continuing to browse this website.
Decline
Accept