Position Paper - DIGITALEUROPE’s views on Article 29 Working Party draft Guidelines on Data Protection Impact Assessments (WP 248)

EXECUTIVE SUMMARY

DIGITALEUROPE, as the voice of the digital technology industry in Europe, welcomes the opportunity to comment on the Article 29 Working Party’s (“WP29”) draft guidelines on data protection impact assessments (“DPIAs”) and how to determine ‘high risk’ processing (WP 248). DIGITALEUROPE believes that the effective implementation of the General Data Protection Regulation (“GDPR”) will require a joint effort between all stakeholders built on mutual trust. We therefore welcome the decision of the WP29 to treat all guidance documents, including WP248, as a draft guidance document while encouraging feedback from the data protection community.

DIGITALEUROPE believes that the main objective of WP 248 should be to achieve legal certainty so that data controllers of all sizes across the EU clearly understand which processing operations are subject to a DPIA, how to carry out a DPIA, and when to consult the supervisory authority. While we welcome some of the clarifications presented in the draft document, we believe further clarifications would be helpful.