With only four months remaining until the EU General Data Protection Regulation takes effect on May 25, 2018, the European Commission has launched a new website offering guidance on requirements and implementation targeted at an array of stakeholders including Member State governments, businesses, data subjects, and other entities whose operations or data processing activities will bring them into the GDPR’s orbit.
The Commission’s GDPR compliance toolkit features:
- Basic background information on the GDPR, including what the Regulation governs, what constitutes personal data and data processing, and an introduction to Data Protection Authorities;
- A detailed page setting forth rules for businesses and organizations, including clarification regarding applicability, the distinction between data controllers and processers, what to do in the event of a personal data breach, how to deal with requests from EU data subjects (e.g., to access or amend their personal data) and the GDPR’s enforcement and sanction mechanisms;
- A user-friendly section focused on helping small to midsize enterprises get their GDPR houses in order;
- Information for EU data subjects, outlining their personal data protection rights and how to assert them; and
- A variety of fact sheets for business and individuals, including a timeline of next steps and an explanation of the benefits of GDPR for the business community.
The Commission also issued a Communication to the European Parliament and Council on January 24. In addition to introducing the online toolkit, the document summarizes the benefits of the new GDPR; describes how the Commission has been preparing to date; outlines the next steps for regulators to ensure the preparation efforts are successful; and previews the Commission’s action plan for these final few months.