Five years into the application of the GDPR, it becomes more and more obvious that the legislator was overly optimistic regarding national Supervisory Authorities (SAs) actively cooperating and enforcing European law. The European Commission now plans to fix these issued with a GDPR Procedures Regulation.
We have developed a draft procedural regulation, as a sample implementation of these concepts – we hope that this will offer a practical, “hands on” example of a possible Regulation.
We have identified more than 60 procedural issues that we have experienced first-hand in our daily operations. We have summarized them in the “issues” section. Many of these issues are symptoms of an underlying procedural problem.
From the list of issues, we have derived sixteen “core concepts”, which can prove solutions via high-level principles and rules.
Ideally, these concepts should be abstract enough to capture many problems, with a simple rule or principle that can be included in various provisions throughout the new Regulation.
When developing these principles, we have actively considered existing mechanisms in EU law, such as instruments in procedural rules, which seem to have many common features with GDPR procedures.
To show that the broader concepts could also be turned into a real-life Regulation we have developed a Draft Regulation. While it is by no means perfect or final, the draft lays down options for harmonised rules relating to procedural aspects of the cooperation between supervisory authorities and the enforcement of the GDPR.