Stakeholders have written a joint letter to Article 29 Working Party (WP29) expressing their concerns about the GDPR consultation process. They believe that the GDPR consultation processes which have taken place so far with 30-day deadlines to respond were much too short, and that a reasonable consultation period (for example 8 weeks) should be set.
An additional concern is that the WP29 guidelines effectively introduce additional rules. The WP29 guidelines are non-binding, but can still be introduced as compulsory requirements at national level. The stakeholders therefore point out that whilst it is important that they provide clarity and help facilitate implementation, they should not undermine the GDPR’s provisions.
To date, the WP29 have issued guidelines on data portability, data protection officers and lead supervisory authorities, as well as draft guidelines on data protection impact assessments. Further guidance is being prepared by the WP29 on:
- Administrative fines
- Notification of personal data breaches
- Tools for international transfers