Articles

GDPR is effective: Will GDPR guidelines from national authorities be binding?

Stibbe - Will GDPR guidelines from national authorities be binding?

GDPR is effective: Will GDPR guidelines from national authorities be binding?

31.05.2018 EU law

GDPR is now fully effective. Preparing your company for the application of this new regulation requires a correct understanding of its principles. We highlighted a series of 12 common misconceptions regarding the interpretation of the GDPR.

Will GDPR guidelines from national authorities be binding?

Doubts exist as to the binding effects of guidelines issued by the different national authorities that further elaborate the different aspects of the GDPR. This could lead to potentially contradictory instructions for multinational corporate groups that have subsidiaries in different Member States where the corresponding data protection authorities could have issued differing guidelines on the application of a same provision of the GDPR.

In that respect, the interpretation adopted by a national authority on specific provisions of the GDPR will only be binding for those companies (or groups of companies) whose “main establishment” (i.e., the place where decisions on data processing are taken in the European Union) is located in the territory of the country in question.

In any event, and as a general rule under the GDPR, the European Data Protection Committee holds an ultimate power to interpret any provision on a number of subject matters listed in Article 70 (including, for example, those related to profiling, notification of security breaches, international data transfers, or sanctions).

 

Stibbe, together with Chiomenti, Cuatrecasas, GIDE and Gleiss Lutz, have gathered this useful information, reflecting some common misconceptions about the implementation of the GDPR.

Team

Related news

24.09.2021 EU law
Digital Law Up(to)date: (1) the download of a software with a permanent licence can constitute a “sale of goods”; (2) alert of the BEUC regarding the privacy policy of WhatsApp and its new term of use

Articles - In this blog, we briefly present two interesting news in the field of digital law: (1) a judgment of the CJEU considering that the download of a software with a permanent licence can constitute a “sale of goods”, and (2) an alert of the BEUC regarding the privacy policy of WhatsApp and its new terms of use.

Read more

09.09.2021 BE law
Digital Law Up(to)date: (1) Parliamentary initiatives about cyber attacks; (2) ‘Zero tariff’ options before the CJEU; and (3) Council of State, GDPR and encryption

Articles - In this blog, we briefly present three interesting news in the field of digital law: (1) Parliamentary initiatives to tackle cyber attacks (2) "Zero tariff" options and open internet access do not mix! (3) Council of State, GDPR and encryption: validation of a decision of the Flemish Authorities

Read more

26.08.2021 BE law
Sarah De Wulf and Malik Baba co-authored a book dedicated to the legal aspects of the video-game industry

Articles - The book, entitled 'Legal Aspects of the video-game industry', provides a first answer to the most important legal questions that might arise in the lifecycle of a video-game company. These insights are intended to be applicable irrespective of jurisdictions, illustrated by real-life situations and easy to read for individuals without a legal background.

Read more

13.09.2021 NL law
Adopting the new Standard Contractual Clauses to secure international personal data transfers

Short Reads - Recently, the European Commission issued an implementing decision on standard new contractual clauses (“SCCs”) for the transfer of personal data to countries outside the European Economic Area. Organisations need to use the new SCCs from 27 September 2021 and onwards. Transitional periods apply for existing international data transfer agreements. To meet their obligations under the General Data Protection Regulation, organisations need to make the appropriate changes in time.

Read more

26.08.2021 EU law
Facebook/Belgian DPA: Landmark ruling on cross-border enforcement under the GDPR

Short Reads - On 15 June 2021, the CJEU delivered an important judgment on the one-stop-shop mechanism. While the CJEU reinforced that the lead supervisory authority is the sole interlocutor in cross-border processing operations, it also contributed to the effective enforcement of the GDPR by reiterating the conditions under which supervisory authorities other than the lead supervisory authority can bring enforcement actions against such processing operations.

Read more