EDPB plans coordinated enforcement action on subject access



During its October plenary, the European Data Protection Board (EDPB) selected the topic for its third coordinated enforcement action; how companies implement EU GDPR’s Subject Access Right. The enforcement action is planned for 2024, with targeted follow-up on both national and EU levels.

Speaking about risk management at the Global Privacy Assembly (DPA network) in Bermuda yesterday, EDPB Chair Anu Talus said that a risk-based approach is an underlying feature of the GDPR.

Fundamental rights are not negotiable but technical solutions can be used to guarantee them – the question is about how to achieve a balance, she said. The EDPB promotes this approach by issuing guidance so that companies can assess their risk. Also, the EDPB’s targeted enforcement actions are based on the DPAs’ assessment of risk, she stressed.

At the conference, Talus accepted the Giovanni Buttarelli award on behalf of Andrea Jelinek, previous EDPB chair. The award was set up to commemorate Buttarelli’s work in data protection and as European Data Protection Supervisor.

Mrs Jelinek, who was the first Chair of the EDPB, said she was honoured, but that the award was recognition not just for her work, but for the work of the Board and its secretariat.

Bringing together more than 130 data protection and privacy regulators worldwide, the Global Privacy Assembly (GPA) is a forum that seeks to provide leadership in data protection and privacy.

The conference continues today in Bermuda with the closed sessions for the privacy commissioners. See the agenda.

PL&B moderated a session on Caribbean privacy laws, the opening session of the conference.

We will report from the conference in more detail in the next issue of Privacy Laws & Business International Report.