The General Data Protection Regulation (GDPR)

The Article 29 Working Party (WP29) has published Guidelines on Data Protection Officers (DPOs). The guidelines aim to assist organisations with determining whether a DPO needs to be appointed, the professional qualifications a DPO should have, their tasks, and their potential liability. The guidelines will also help DPOs in understanding the scope of their role.

On 12 December, 2017, the Article 29 Working Party (WP29) published its Guidelines on Transparency. The guidance should assist controllers in understanding the obligation of transparency concerning the processing of personal data under the GDPR. The schedule to the guidance contains a list of the mandatory transparency information that must be provided to a data subject, so this note focuses on the WP29’s recommendations in regard to the provision of that information to data subjects.

On 12 December, 2017, the Article 29 Working Party (WP29) published its Guidelines on Consent under the GDPR. Consent is one of the lawful grounds on which personal data processing may be based. The consent guidance considers the extent to which the GDPR requires controllers to change their consent requests/forms.

The Article 29 Working Party (WP29) has published Guidelines on Administrative Fines. The guidelines emphasises the need for supervisory authorities to be consistent in their approach to fines, as discretion of supervisory authorities in regard to the application of fines may lead to divergences throughout the EU.