Ahead of Sunday's Data Protection Day (28/1/2018), with just under four months to go before the General Data Protection Regulation (GDPR) takes effect, the European Commission (EC) published guidance last Thursday meant to help organisations apply the new rules to their businesses.
“The guidance from the Commission makes it clear that the GDPR is a high priority at the highest levels of EU government” Sam Pfeifle, content director at the International Association of Privacy Professionals (IAPP).
Noting that “no entity in the privacy and data protection universe - from national regulator to the smallest data processor - will be unaffected by the GDPR and the Commission is doing everything in its power to ensure no one is caught unawares,” Pfeife said, the guidance “also implies, however, that there will be an expectation of compliance on day one and ignorance will not be a defence.”
Indeed, the EC directed the EU governments should accelerate their adoption of national legislation that aligns with GDPR and provide the resources that their data protection authorities, which the EC will fund with €1.7 million, need to be effective.
"We need modern rules to respond to new risks, so we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfill their roles in the preparations for the big day," Vĕra Jourová, commissioner for justice, consumers and gender equality, said in a release.
The EC will provide another €2 million to fund those authorities' efforts to reach businesses.
The Commission particularly encouraged outreach to smaller and medium-sized businesses, announcing that it was launching a “practical online tool” aimed at aiding SMEs in their compliance efforts and in benefiting from the new regulation.