First overview on the implementation of the GDPR and the roles and means of the national supervisory authorities Executive Summary This document sets out an overview of the implementation and enforcement of the General Data Protection Regulation (GDPR) covering both the cooperation mechanism and the consistency findings. In comparison with the EC Directive 95/46/EC, where Supervisory Authorities (SAs) were working separately even on cross-border cases, the GDPR created a duty for the SAs to cooperate in order to provide a consistent application of the GDPR. In addition to that, the European Data Protection Board (EDPB) provides a consistency mechanism to further foster the harmonisation. Nine months after the entry into application of the GDPR, the members of the EDPB are of the opinion that the GDPR cooperation and consistency mechanism work quite well in practice. The national supervisory authorities make daily efforts to facilitate this cooperation, which implies numerous exchanges (written and oral) between them. These cooperation duties lead to extra workloads, additional time dealing with cases and have an impact on the budget of the regulators. The handling of cross border cases takes time, due to the cooperation, to the need to carry out thorough investigations and in order to national procedural rules. The national SAs have to tackle these challenges regarding the harmonized protection and enforcement of the GDPR. Until now, there are 6 final One-Stop-Shop cases. The experiences of the EDPB regarding consistency is – up to now – limited, as no dispute resolution through this new EU body was necessary during the reported period.
1