GDPR – a headache for Data Protection Authorities

With the General Data Protection Regulation only days away, it’s not just companies that are upgrading their privacy management systems – the Data Protection Authorities are also preparing to meet their increased obligations under the new law.

More than a year ago, Prof. Dr. Alexander Roßnagel prepared an expert opinion on the additional workload caused by the GDPR for the German state DPAs (in German).

He estimated that, in addition to its current staff, each DPA would need 12-19 lawyers, 4-5 IT experts, 2 educational and 6 administrative roles. – At the beginning of 2017, the planned staff increase fell far short of this (49 for the federal DPA, 8 and below for the different states were planned as new positions for 2017). It’s also interesting that he didn’t list separate categories for “privacy managers” or “auditors”.

The mechanisms for mutual cooperation between the European DPAs are new and quite complex (Art. 60 – 62), especially as communications might take place in a variety of languages. The consistency mechanism (Art. 63 – 66) might also turn out to be quite demanding. – In situations in which the One-Stop-Shop (OSS) approach cannot be applied, the DPAs will first have to jointly determine their respective responsibilities. It will be very interesting to see how these mechanisms will work out.

Article 29 Working Party on Feb 2018 Plenary Meeting

– incl. some details that we didn’t see on their web site yet, e.g.

CISPE Code of Conduct

“The plenary adopted a letter addressed to the Association of Cloud Infrastructure Services Providers in Europe (CISPE) giving substantial feedback on the provisions of CISPE’s code of conduct.”

(I assume that wasn’t good news for CISPE.)

List of web security and privacy scanner web sites

