European Data Protection Board

Europe’s new data protection rules and the EDPB: giving individuals greater control

Generic picture Press release
Friday, 25 May, 2018

Brussels, 25 May - Today the European Data Protection Board (EDPB) held its first plenary meeting. This new, independent EU decision-making-body with legal personality is created by the General Data Protection Regulation (GDPR), which enters into application as of today. The EDPB, which succeeds the Article 29 Working Party, brings together the EDPS (European Data Protection Supervisor) and the Member State supervisory authorities to ensure a consistent application of the GDPR throughout the European Union, as well as consistent protection of individuals.  In addition, the EDPB oversees the implementation of the Data Protection Law Enforcement Directive.

Andrea Jelinek, Chair of the EDPB: “This much awaited legislation gives individuals greater control over their personal data and provides a single set of rules applicable to everyone processing the personal data of individuals in the EU. In a world where data is treated as a currency, the rights of individuals were often overlooked or even flouted. We should not lose sight of the fact that personal data are inherent to human beings. I am convinced that the GDPR gives individuals and supervisory authorities the means to effectively protect and enforce this fundamental right.

“The new data protection requirements have often been narrowed down to focus on the risk of incurring high fines, but the GDPR is much more than that. It is about putting the rights of individuals first and upgrading the EU data protection rules so that they are efficient and ready for the future. At the same time, companies doing business in Europe will benefit from the GDPR as it provides legal certainty and makes it easier to operate across the internal market. In addition, being compliant with the GDPR will contribute to the good reputation of companies. In our data-driven economy a reputation can be destroyed within a few days if people loose trust in whether a company handles their data carefully.”

Andrea Jelinek concluded by underlining the importance of cooperation to make the GDPR a success: “It is crucial that as the EDPB we unite our forces to ensure a high and consistent level of data protection for individuals, wherever in the EU they are based. We will also promote awareness of data protection rights to the public. The EDPB is a newly created body of the EU that is equipped with a new governance and coordination model and the power to adopt binding decisions. This will allow us to play our role efficiently in giving guidance on key concepts of the GDPR.”

The GDPR is a new European law that tightens control over how people and organisations use and share individuals’ personal data. It also applies to organisations outside Europe targeting EU individuals or monitoring their behaviour. The GDPR replaces the EU Data Protection Directive which dates back to 1995, when the internet was still in its early stages. It replaces a patchwork of national laws with a single EU Regulation designed to make organisations more accountable, give individuals more control over their data and aims to improve legal certainty for businesses, so as to boost innovation and the future development of the digital single market.