prepared for the GDPR. In the resulting confusion, few know who’s responsible for what. We’re here to help.
European Data Protection Board
The EDPB will be an entirely new body, however it will be based on the Article 29 Working Party which currently issues recommendations for the GDPR. Its function has been mostly advisory so far and it does not deal directly with clients. It serves as an organisation which keeps the European Commission up to date with the current state of affairs.
However, the EDPB is tasked with yet another responsibility: to coordinate the action of the supervisory authorities. It can help solve disputes and issue opinions of several issues that SAs cannot agree amongst themselves.
Supervisory authorities are organisations established in all EU member states. They must operate independently from the government, and their task is very comprehensive. They are, in a nutshell, responsible for a smooth application of the GDPR in practice. They are here to protect the rights of EU individuals when it comes to data privacy and safety.
All supervisory authorities must work together in order to ensure a smooth and consistent application of the rules in the entire European Union.
They facilitate contact between the individuals who have queries or complaints on one side and companies on the other. They are the contact point for companies who will solve all their data privacy and safety issues with them. This is the touted one-stop shop mechanism that will help reduce overall costs and administrative load imposed both on companies and on the individuals.
Even if a company is based in several EU countries, the company only deals with a single supervisory authority, which then becomes the lead authority. The lead authority is the only one that can produce legal decisions against the company.
At least, there is the European Commission. It will be part of the European Data Protection Board. It is there to act as an observer and a watchdog of common interests of European citizens. It can issue opinions regarding consistency mechanisms, but should not get tangled up in individual cases.
The Commission and the EDPB can demand that a supervisory authority suspend a measure they deem incorrectly applied, but only in cases where the opinions of the authority and the Board differ in opinions and if these decisions would affect the functioning of the common EU market.
Overall, we believe the one-stop-shop is an excellent mechanism that will leave companies with more time and resources to do their thing and leave the administration to the supervisory authorities. They will do a lot of work behind the scenes, so that companies don’t have to do anything. This will drastically ease communication and foster the overall competitiveness of EU companies. At the same time, the rights of the individual citizens will be well-protected. We can’t wait to see it work in practice!