On January 3, 2017, the WP29 (group of the European data protection authorities) adopted its second Action Plan for 2017 which complements the 2016 priorities and draws new objectives and deliverables for the coming year.
The main lines of the 2017 Action Plan are follows:
  1. New guidelines

In its 2017 Action Plan, the WP29 has committed to releasing guidelines on the following topics:

  • Consent and profiling
  • Certification ;
  • Processing likely to result in a high risk and Data Protection Impact Assessments (DPIA);
  • Administrative fines;
  • The setting up the European Data Protection Board (EDPB) structure in terms of administration (e.g. IT, human resources, service level agreements and budget) ;
  • The preparation of the one stop shop and the EDPB consistency mechanism.

At the same time, the WP29 will work on the update of already existing opinions and referentials on data transfers to third countries and data breach notifications.

  1. Organisation of Fablab and workshop with stakeholders

The WP29 wishes to once again consult the relevant stakeholders (e.g.: business and civil society representatives).

To this end a second Fablab will take place on April 5 and 6, 2017 at which interested stakeholders will be invited to present their views and comments on the new 2017 priorities. Relevant public consultations may be launched at a national level by DPAs.

The WP29 will also organise an interactive workshop on May 18 and 19, 2017, where non-EU counterparts will be invited to exchange views on the GDPR and its implementation by the WP29.

This new action plan will be reviewed periodically and will be complemented in 2018.