GDPR

GDPR – two years of application of the European data protection instrument at national level

By Mugurel Olariu, RPD protectie date

May 25, 2020, marked two years since the General Data Protection Regulation (GDPR) began to apply directly in all EU Member States, and therefore in Romania.
At the level of the Romanian National Supervisory Authority, this anniversary was marked by three items posted on the official website:
– An online drawing contest for children up to 14 years old, which can be found at https://www.dataprotection.ro/?-page=Concurs_ANS_2_ani_RGPD&lang=ro
– Promotion of an EDPB video that gives a basic presentation of data protection and can be viewed at https://youtu.be/UI51UWltFAk
– An information message regarding the activity of the authority, which can be accessed at https://www.dataprotection.ro/?page=25%20Mai%202020%20-%20implinirea%20a%202%20ani%20de%20aplicare%20a%20GDPR%20%20&lang=ro

At the level of the European Data Protection Board (EDPB), activity consisted of five remote plenary meetings, the 25th to the 29th, held on 5, 8, 12, 19 and 26 May 2020 respectively. The current issues analyzed and discussed in these plenary sessions were the following:
– The EDPB letter on the presidential elections in Poland by postal vote
– Decree of the Hungarian government in relation to COVID-19 during the state of emergency
– Letter from Amazon to the President of the EDPB on the COVID-19 project
– Processing of personal data for the purpose of reopening EU borders in the context of COVID-19
– Open letter from NOYB to the EDPB and others.

At its 28th plenary meeting on 19 May, the Board's agenda listed the following topics under "For discussion and/or adoption – Expert Subgroups and Secretariat":
3.1. Key Provisions ESG
– Opinion on the draft standard contractual clauses submitted by the Slovenian Supervisory Authority (art. 28.8 GDPR) – became Opinion 17/2020.
3.2. Cooperation ESG
– The EDPB website – publicly available summaries of Art. 60 decisions
3.3. International Transfers ESG
– Interaction of the EDPB with the U.S. PCAOB on draft administrative arrangements for transfer of data with EU auditor supervisory bodies.

We also note that this year the EDPB issued seven opinions on the draft accreditation requirements for a code of conduct monitoring body pursuant to Article 41 GDPR:
– Opinion 1/2020 for the Spanish Supervisory Authority,
– Opinion 2/2020 for the Belgian Supervisory Authority,
– Opinion 3/2020 for the French Supervisory Authority, all three being adopted on 28 January 2020.
– Opinion 10/2020 for the German Supervisory Authority,
– Opinion 11/2020 for the Supervisory Authority of Ireland,
– Opinion 12/2020 for the Finnish Supervisory Authority,
– Opinion 13/2020 for the Italian Supervisory Authority, the last four being adopted on 25 May 2020.

It should also be noted that last year the EDPB issued two opinions on this topic, namely Opinion 9/2019 for the Austrian Supervisory Authority on 9 July 2019 and Opinion 17/2019 for the United Kingdom Supervisory Authority on 2 December 2019.

Thus, the National Supervisory Authorities must develop the accreditation criteria for monitoring bodies, and these criteria are subject to the opinion of the EDPB within the consistency mechanism established by the GDPR.
Regarding the draft Code of Conduct initiated and elaborated by the five professional associations, namely ROMBET, ROMSLOT, ROMANIAN BOOKMAKERS, AOPJNR and EXPROGAME, we specify that, in its reply letter from March 2020, ANSPDCP sent us its observations on the draft Code and, in addition, informed us that we have to wait for the elaboration and publication of the accreditation criteria for the monitoring bodies, after which we will retransmit it for approval.
In conclusion, we consider that ANSPDCP in Romania will develop these criteria in the near future, which is likely to bring to completion the approach started in November 2018 by the five professional associations mentioned above: the elaboration of the draft CODE OF CONDUCT FOR THE PROCESSING OF PERSONAL DATA IN THE GAMBLING INDUSTRY, in accordance with the EU General Data Protection Regulation (GDPR), and its progress toward approval.