The policy seeks to encourage voluntary compliance and best practice and create sufficient incentives for compliance by:
- emphasising where the responsibility for compliance lies;
- explaining how the EDPS will support this compliance;
- explaining what the EDPS will do in the case of non-compliance.
Peter Hustinx, EDPS, says: "Holding the EU institutions accountable for ensuring compliance with data protection obligations, and for demonstrating such compliance, is a crucial first step in fostering data protection in practice. However, this must be backed up by a framework for dealing with those institutions and bodies that continue to fail to meet the required standards and demonstrate poor compliance records".
To date, the EDPS has preferred to make recommendations and encourage compliance rather than warn, admonish or issue legally binding orders. Following five years of such activity, the EDPS believes that the time has come to take a more robust approach to enforcement, particularly in cases of serious, deliberate or repeated non-compliance with data protection principles. This policy therefore introduces a set of criteria which will ensure a proactive, as well as consistent and transparent, application of his enforcement powers.
The EDPS also emphasises that transparency and publicity are important tools, both for stakeholders and in terms of good governance. In relation to his enforcement activities, the EDPS will normally publish information regarding any official referrals he makes. He will also consider, on a case-by-case basis, whether it is appropriate to make public any of the other enforcement actions pursued.
News source: EU Press Room