Data Protection Authorities from Poland, Slovakia, Czech Republic and Hungary are to a similar extent advanced in the preparations for starting the application of the new UE personal data protection legislation.
That is one of the conclusions of the meeting of DPAs from those countries which was held on 23 March 2017 in Krakow.
Discussion and exchange of experiences related to the application of the General Data Protection Regulation are significant, since as of 25 May 2018 the GDPR shall be directly applied in all Member States, unifying the personal data protection principles binding in their territories. It also provides for many new solutions serving this purpose – for example joint operations of DPAs or completely new obligation to consult a DPA as regards Data Protection Impact Assessment. Hence there is a need for proper preparation of DPAs for new challenges, and exchange of experiences and best practices will be perfect ways of achieving it.
The participants of the meeting shared the view that they encounter similar problems in the works on the preparation of their countries to the application of the new law. The problems concern inter alia the scope of application of the EU law or the competences of supervisory authorities in relation to law enforcement authorities. Some countries believe that it can lead to decreasing the level of data protection compared to the one currently ensured in their legal order.
One of the discussed topics was also the issue of the areas which pursuant to the GDPR can be regulated on the national level, e.g. age of a child who will be able to express consent to the processing of its personal data in the Information society services. It will be also the subject of arrangements in Poland; GIODO has already started a broad discussion on this issue.
All participants stressed that there still is a lot to be done, both with regard to the adaptation of the national legal provisions to the provisions of the GDPR and to the increase of knowledge data controllers about the new rules which they will be obliged to apply.
At the same time, all participants indicated that in order for the DPAs, protecting our fundamental rights, to be really – as provided for by the new law – strong and independent, they will have to be strengthened in terms of staff and budget. Otherwise, ensuring smooth performance of the tasks under the GDPR could at least be impeded. At the same time, discussions focused on necessary changes in the organisation of the DPAs, so as to make them fully effective and functional.
The cooperation of DPAs from the Central Europe dates back to 2001. It even transformed into regular broader cooperation of DPAs from the Central and Eastern European Countries. Regardless of the above, the meetings of the Visegrad Group countries are continued, the example of which is the meeting organised by the Office for Personal Data Protection of the Slovak Republic on 4-5 October 2016 in Slovakia. The meeting of representatives of DPAs from those countries, organised by the Inspector General for Personal Data Protection on 23 March 2017 in Krakow, was the subsequent one in the series of meetings. Emphasising the value of those meetings, enabling exchange of experiences and coordination of activities, the participants decided to continue this tradition.
At the same time, the representatives of DPAs from the Visegrad Group countries participated as well in the Conference held in Krakow on 24 March 2017 entitled “Personal Data Protection Authority in the Face of Challenges, organised by the Inspector General for Personal Data Protection with the participation of senators from the Senate’s Human Rights, the Rule of Law and Petitions Committee.