It has been more than six years since the GDPR came into force, and yet for many organisations – especially micro, small and medium-sized ones – data protection legislation remains a barrier that is difficult to overcome. The European Data Protection Board (EDPB) wants to change that. At a recent meeting in Helsinki, new practical tools were announced to help companies not only understand the GDPR, but also apply it in their day-to-day operations.
Less chaos after data breaches
One of the main points of the EDPB initiative is a set of ready-made templates for reporting data breaches to national supervisory authorities. Until now, companies have often acted in a panic, not knowing what information to submit and by what deadline. Now they are to be provided with standardised forms, checklists and manuals that will structure the process.
This is particularly important for smaller entities that do not have their own legal department or compliance team. The simplification can also prove crucial for IT and SME partners who support clients in the area of data security – a simplified process means less risk and fewer mistakes.
Common standards across the EU
The second pillar of the EDPB’s new strategy is to strengthen cross-border cooperation between supervisory authorities in the European Union. Until now, differences in interpretation between countries could create legal uncertainty, especially for companies operating in multiple markets at the same time.
The plan is to develop common guidelines and create a forum for the exchange of experience between regulators. This is expected to translate into greater consistency in case law and more predictable supervisory decisions. The result is expected to be not only greater clarity for business, but also faster and more uniform responses in strategic and cross-border cases.
A new opening for education
The EDPB also wants to change the way companies are informed about their obligations. In addition to educational material, national authorities will publish sets of positions and decisions to act as guides to the practice of applying the GDPR. This type of action can effectively reduce the uncertainty surrounding the interpretation of the rules – especially in a dynamic environment of technology and cyber threats.
The EDPB’s actions are part of a broader trend of ‘democratising compliance’ – that is, making tools and knowledge available to all, not just the biggest players. This is a step in the right direction, especially against the backdrop of the rise in security incidents and the increasing expectations of companies in terms of data protection. Technology is evolving faster and faster – regulation needs to keep up too. But this time, at least in theory, it has to keep up in a more business-friendly way.