by Rocco Panetta
A few days ago we celebrated the first three years of implementation of the General Data Protection Regulation (GDPR). A symbolic moment of undoubted historical importance. The impact of the GDPR on the lives of businesses, public administrations and professionals is now plain for all to see and therefore undeniable.
So what is the outcome of this first three-year period of application? I have tried to answer this question posed to me by the editor-in-chief Alessandro Longo, whom I would like to thank, by considering three different angles from which I believe we can best observe the excellent results of these first three years of application (as well as the challenges that still await us in the years to come).
The work of the EDPB after three years of GDPR
The first perspective from which to look at these first three years of GDPR is certainly the European one. The visual angle must be focused on the activity of one institution in particular, namely the European Data Protection Board (EDPB). And it could not be otherwise, since the EDPB was born precisely with the European regulation that replaced Directive 95/46/EC. Directive that in its time had set up that Working Party under Article 29 of the Directive itself (WP29) whose opinions and guidelines still constitute the cornerstones of the matter, even in daily practice
Three years after that momentous handover, we can say that the EDPB has begun to understand the nature of its role, at least with regard to the need to provide continuous horizons in a rapidly evolving subject with a vast impact within and beyond the EU. The EDPB has not failed in these years to play well the role of first advisor to institutions, businesses and citizens in the delicate phase of the GDPR launch….
Originally published on Agenda Digitale.