OneTrust GDPR Deep Dive Series Chapter 7: Cooperation and Consistency
Chapter 7 establishes the European Data Protection Board (EDPB), outlines communication and despite resolutions processes, and enables a consistent approach to data processing regulations cross the European Union (EU).
The most significant aspect of the chapter is the creation of the EDPB serving as a centralised body for data protection in the EU. It is comprised of one Data Protection Authority (DPA) from each Member State, the European Data Protection Supervisor (EDPS), and a non-voting representative from the European Commission. The EDPS can only vote on dispute resolution decisions if they pertain to the principles and rules of EU institutions, which relate substantively to the GDPR.
The powers and authorities of the EDPB, as outlined in this chapter, include:
- Ensuring consistent application across Member States
- Advising the European Commission on data protection and on future amendments to the GDPR
- Issuing guidance or best practices on erasure of links or copies of personal data from publicly available communication services
- Determining what constitutes personal data breaches and undue delay of breach notification
- Accrediting certification bodies and outlining data protection certification mechanisms
- Defining 3rd country protection adequacies
Another key component in Chapter 7 is the establishment of baselines for the consistent application of the GDPR throughout the Union, or a consistency mechanism, according to Article 63. This mechanism will help organisations who operate across Member States’ jurisdictions manage data protection inconsistencies should they arise. If a DPA, for example, wants to make changes to data protection guidelines and best practices at the Member State level, they must submit those changes to the EDPB for approval and reduce ad hoc adjustments.
While the inclusion of the EDPB as an additional step in the process could slow down dispute resolutions or adjudication, it will enable transparent lines of communications between DPAs and European institutions and bodies, while ensuring consistent application of the GDPR throughout the Union.
Chapter 7 Sections, Articles & Descriptions
Section 1 –– Cooperation
Article 60: Cooperation between the lead supervisory authority and the other supervisory authorities concerned
Article 61: Mutual assistance
Article 62: Joint operations of supervisory authorities
Section 2 –– Consistency
Article 63: Consistency mechanism
Article 64: Opinion of the Board
Article 65: Dispute resolution by the Board
Article 66: Urgency procedure
Article 67: Exchange of information
Section 3 –– European data protection board
Article 68: European Data Protection Board
Article 69: Independence
Article 70: Tasks of the Board
Article 71: Reports
Article 72: Procedure
Article 73: Chair
Article 74: Tasks of the Chair
Article 75: Secretariat
Article 76: Confidentiality