First GDPR Cases Begin Working Through EU Enforcement Agencies
The U.K. privacy watchdog is dealing with its first general data protection regulation cases, but "it's too early to speculate on enforcement action," an Information Commissioner's Office spokesperson emailed Wednesday. The ICO started using its "powers of assessment and audit…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
in order to begin looking at certain organisations' data protection practices." French data protection agency CNIL (Commission Nationale de l'Informatique et des Libertes) said it hasn't yet issued fines based on the GDPR. With the regulation having taken effect May 25 (see 1805230001), "the complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not yet know when the CNIL will deliver its decisions," a spokesperson emailed. No enforcement issues have arrived at the European Data Protection Board, a spokeswoman told us. The EDPB is involved only if there's a cross-border dimension that requires national supervisory authorities to work together to ensure the GDPR is consistently applied, she said. Under that mechanism, the board issues opinions or, if there's a dispute between national data protection authorities, binding decisions to arbitrate. "It's the calm before the storm," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran.