The GDPR timeline
For those who really want to understand the General Data Protection Regulation (GDPR) and why it is so important now, we have published this useful timeline.
The GDPR deadline is approaching very soon, so your organisation needs to get ready for it. A good GDPR strategy and understanding is crucial if you want to mitigate the significant risks that your organisation may be exposed to.
Timeline
OECD issued recommendations for the protection of personal data
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980
Directive 95/46/EC, a more binding form of governance in the Data Protection Directive
Europa, 1995
Safe Harbour Principles were developed, designed to prevent the disclosure or loss of personal information (Europa, 2000)
- Notice – Individuals must be informed
- Choice – options to opt out
- Onward Transfer – only allowable for organisations that follow adequate data protection principles
- Security – reasonable efforts to prevent loss of collected information
- Data Integrity – data must be relevant and reliable for the purpose it was collected
- Access – Individuals must have access to the information held about them, and be able to correct or delete it if inaccurate
- Enforcement – An effective means of enforcement must exist
US Patriot Act, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Government Publishing Office (US), 2001
EU found that (WP29, 2002):
...a substantial number of organisations that have self-certified adherence to the Safe Harbour do not seem to be observing the expected degree of transparency as regards their overall commitment or as regards the contents of their privacy policies...
...not all dispute resolution mechanisms have indicated publicly their intention to enforce Safe Harbour...
...not all have in place privacy practices applicable to themselves...
EDPS – European Data Protection Supervisor publishes an opinion on the European Commission's Communication
European Data Protection Supervisor, 2011
Microsoft UK MD states that
Cloud Data, regardless of where it is in the world, is not protected against the Patriot Act
Whittaker, 2011
EC - Proposal to strengthen online privacy rights and digital economy
Europa, 2012
EDPS Opinion on EC data protection reform Package
EUROPEAN DATA PROTECTION SUPERVISOR, 2012
WP29 Opinion on data reform proposal
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012
WP29 Update on data protection reform
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012
Edward Snowden’s revelations concerning activities of the United States Intelligence Services
Gellman, Blake, & Miller, 2013
EP Adopts GDPR
The European Parliament, 2014
The Maximillian Schrems case, aimed at prohibiting Facebook, in light of the Snowden revelations, from transferring data from Ireland to the United States, was heard by the CJEU
InfoCuria - Case-law of the Court of Justice, 2015
Advocate General Yves Bot stated that
...the European Commission was unable to guarantee that "adequate" safeguards for the protection of data are met
Court of Justice of the European Union, 2015
The Council reaches a general approach on the GDPR
EDPS recommendations on the final text of GDPR
Official Journal of the European Union, 2015
European Court of Justice invalidates the Safe Harbour Decision
...compromising the essence of the fundamental right to respect for private life...
EUR-Lex, 2015
EP, Council and EC reach an agreement on the GDPR
Council of the European Union, 2015
Article 29 Working Party issues an action plan for the implementation of the GDPR
Article 29 Working Party, 2017
The Regulation enters into force, 20 days after publication in the official journal of the EU
Council of the European Union, 2016
EC proposes two new regulations on privacy and electronic communications and on the data protection rules applicable to EU institutions
European Commission, 2017
Data Protection Directive for the police and justice sectors to be transposed into national legislation, applicable from this day
Parliament, 2018
The General Data Protection Regulation will apply from this day
Bibliography
- ARTICLE 29 DATA PROTECTION WORKING PARTY. (2012, March 23). Opinion 01/2012 on the data protection reform proposals. Retrieved from Opinion 01/2012 on the data protection reform proposals: http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp191_en.pdf
- ARTICLE 29 DATA PROTECTION WORKING PARTY. (2012, October 5). Opinion 08/2012 providing further input on the data protection reform discussions. Retrieved from Europa.eu: http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2012/wp199_en.pdf
- Article 29 Working Party. (2017, January 16). ADOPTION OF 2017 GDPR ACTION PLAN. EU Press Release.
- COMMISSION OF THE EUROPEAN COMMUNITIES. (2000, July 26). europa justice. Retrieved from http://www.ec.europa.eu/justice_home/fsj/privacy/docs/adequacy/sec-2002-196/sec-2002-196_en.pdf
- Council of the European Union. (2015, June 15). Data Protection: Council agrees on a general approach. Retrieved from Europa.EU: http://www.consilium.europa.eu/en/press/press-releases/2015/06/15/jha-data-protection/
- Council of the European Union. (2015, December 18). EU data protection reform: Council confirms agreement with the European Parliament. Retrieved from Europa.eu: http://www.consilium.europa.eu/en/press/press-releases/2015/12/18/data-protection/
- Council of the European Union. (2016, May 24). The general data protection regulation. Retrieved from Europa.eu: http://www.consilium.europa.eu/en/policies/data-protection-reform/data-protection-regulation/
- Court of Justice of the European Union. (2015, September 23). Advocate General’s Opinion in Case C-362/14. Retrieved from Europa.eu: https://curia.europa.eu/jcms/upload/docs/application/pdf/2015-09/cp150106en.pdf
- EUR-Lex. (2015, October 6). Access to European Law. Retrieved from Europa.EU: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=ecli%3AECLI%3AEU%3AC%3A2015%3A650
- Europa. (1995, October 24). Access to European Law. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A31995L0046
- Europa. (2000, July 26). Access to European Law. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32000D0520
- Europa. (2012, January 25). Commission proposes a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. Retrieved from European Commission - Press release: http://europa.eu/rapid/press-release_IP-12-46_en.htm
- European Commission. (2017, January 10). Commission proposes high level of privacy rules for all electronic communications and updates data protection rules for EU institutions. Retrieved from Press Release Database: http://europa.eu/rapid/press-release_IP-17-16_en.htm
- European Data Protection Supervisor. (2011, January 14). Opinion of the European Data Protection Supervisor. Retrieved from https://edps.europa.eu/sites/edp/files/publication/11-01-14_personal_data_protection_en.pdf
- EUROPEAN DATA PROTECTION SUPERVISOR. (2012, March 7). Executive summary EDPS Opinion of 7 March 2012 on the data protection reform package. Retrieved from Official Journal of the European Union: https://edps.europa.eu/sites/edp/files/publication/12-03-07_edps_reform_package_summary_en.pdf
- Gellman, B., Blake, A., & Miller, G. (2013, June 9). The Washington Post. Retrieved from Edward Snowden comes forward as source of NSA leaks: https://www.washingtonpost.com/politics/intelligence-leaders-push-back-on-leakers-media/2013/06/09/fff80160-d122-11e2-a73e-826d299ff459_story.html?noredirect=on&utm_term=.874e4877bf35
- Government Publishing Office (US). (2001, October 26). PLAW-107publ56.pdf. Retrieved from Government Publishing Office (US): https://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf
- Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. (1980, September 23). Retrieved from OECD: http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
- InfoCuria - Case-law of the Court of Justice. (2015, October 6). JUDGMENT OF THE COURT (Grand Chamber). Retrieved from Europa.EU: http://curia.europa.eu/juris/document/document.jsf?docid=169195&doclang=EN
- Official Journal of the European Union. (2015, October 12). EDPS recommendations on the EU’s options for data protection reform. Retrieved from EUR-Lex: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52015XX0912%2801%29
- Parliament. (2018, March 1). Data Protection Bill 2017-19. London: House of Commons. Retrieved from House of Commons Library.
- The European Parliament. (2014, March 12). Protection of individuals with regard to the processing of personal data. Retrieved from Europa.eu: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT%20TA%20P7-TA-2014-0212%200%20DOC%20XML%20V0//EN
- Whittaker, Z. (2011, June 28). Microsoft admits Patriot Act can access EU-based cloud data. Retrieved from zdnet: https://www.zdnet.com/article/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/
- WP29. (2002, July 2). Working Document on Functioning of the Safe Harbor Agreement. Retrieved from http://ec.europa.eu/justice/article-29/documentation/opinion-recommendation/files/2002/wp62_en.pdf
Last Updated: 10 May 2018