The General Data Protection Regulation (GDPR) is now in effect.  On the 25th of May, the day the GDPR took effect, Commissioner Jourová made a speech, in Brussels, at the General Data Protection Regulation conference to mark the beginning of a new chapter in data protection’s history in the EU. In her speech, the Commissioner recalled that data protection is of vital importance for EU citizens as personal data protection is a fundamental right in the EU and that this matter is also crucial for businesses as personal data protection is an issue for trust in the digital market.

However, some EU countries, including Belgium, Greece and Hungary for example, missed the May 25th deadline and are not ready to fully enforce the GDPR. This creates legal uncertainty for both citizens and companies.

A few days before, the Commissioner said that the Commission would not hesitate to take EU Members States to court for missing the delay in serious cases. Indeed, EU Members Sates have had two years to implement the GDPR and to engage in action.

In her speech on 25th of May, the Commissioner insisted that the Commission will take appropriate actions to ensure the protection of personal data, including recourse of infringement actions. In this way, the Commission has allocated grants to support new Data Protection Authorities in the organization for awareness-raising activities that will start from July 2018 and will continue in 2019.

The Commission will take stock of the Regulation implementation after one year, in May 2019.

At the same time, the European Data Protection Board (EDPB) became operational and has succeeded the Article 29 Working Party. The EDPB is an independent EU decision making body with legal authority created by the GDPR. For its part, the EDPB is ready to fully enforce the GDPR. On the 25th of May, in the morning, Ms Jelinek, former head of Austria’s data protection authority, was elected as Chair of the EDPB. The new EDPB’s website is also fully operational at this link.