Skip to main content

  • AddRemove
  • Build a Report 
In Brief

WP29 Guidance on GDPR Implementation Issued - Have Your Say

16 December 2016
Mayer Brown In Brief

The General Data Protection Regulation (“GDPR”), due to come into force in May 2018, provides for a new framework in data privacy matters in the European Union, which will have a wide-ranging impact on business around the world. (For previous coverage, please see our December 2015 Legal Update.)

During its December plenary meeting, the Article 29 Working Party (“WP29”), the working group composed of the 28 data protection authorities and EU officials, adopted guidelines in the following areas:

They were publicly released on December 16, 2016.

Expected by most businesses, the guidelines on DPOs should shed some light on (i) the need for controllers and processors to appoint DPOs, (ii) positions of the DPOs and (iii) their roles and responsibilities within their organizations. Although the guidelines do not offer clear-cut answers on some open items (such as the interpretation of large-scale processing), they do provide very valuable input on DPOs’ future roles and responsibilities. The guidelines should assist companies in scoping their needs and starting their recruitment processes.

Guidelines are not yet fully set in stone, as the WP29 welcomes comments that stakeholders may have on the adopted guidelines. Comments are due by January 31, 2017, and can be sent to either of the following email addresses: and . Final guidance is expected in the course of 2017, along with guidance on Data Protection Impact Assessments and Certification.

The December plenary meeting is also bringing some news on other fronts, such as the implementation of the Privacy Shield and enforcement actions (the WhatsApp inquiry). The WP29 confirmed that it will take on the role of the "EU centralized body” under the Privacy Shield mechanism, i.e., the EU body set up to address individual complaints regarding data transferred to the United States for commercial purposes and further accessed for national security purposes.

Authors

  • Charles-Albert Helleputte
    T +32 2 551 5982
  • Mark A. Prinsley
    T +44 20 3130 3900
  • Oliver Yaros
    T +44 20 3130 3698
  • Kendall C. Burman
    T +1 202 263 3210
The Build a Report feature requires the use of cookies to function properly. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently. If you do not accept cookies, this function will not work. For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.