New model of governance and accountability of data protection by Union institutions and bodies

27-10-2017

In the framework of its consideration of the Commission’s proposal on the processing of personal data by Union institutions and bodies, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs requested an impact assessment of three specific aspects of that proposal. These aspects concerned: (1) the impact of the new model of governance and accountability of data protection on Union institutions and bodies; (2) the implication of this new model in terms of budget and human resources; and (3) the risks generated by the decentralised model in terms of consistency and uniform application of the Regulation within Union institutions and bodies performing several processing activities by different controllers. The study considers the short term implications of the new governance model with regard to increased workload (for both data controllers and data protection officers) and additional investments in terms of budget and human resources. It concludes that it will only be once the 'initial period of application' has been completed that it will be possible to reasonably assess the final impact of the new model of governance and accountability on Union institutions and bodies. As for decentralisation, it considers that the proposal appears to contain adequate safeguards to offset the risks in terms of consistency and uniform application of the Regulation.

In the framework of its consideration of the Commission’s proposal on the processing of personal data by Union institutions and bodies, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs requested an impact assessment of three specific aspects of that proposal. These aspects concerned: (1) the impact of the new model of governance and accountability of data protection on Union institutions and bodies; (2) the implication of this new model in terms of budget and human resources; and (3) the risks generated by the decentralised model in terms of consistency and uniform application of the Regulation within Union institutions and bodies performing several processing activities by different controllers. The study considers the short term implications of the new governance model with regard to increased workload (for both data controllers and data protection officers) and additional investments in terms of budget and human resources. It concludes that it will only be once the 'initial period of application' has been completed that it will be possible to reasonably assess the final impact of the new model of governance and accountability on Union institutions and bodies. As for decentralisation, it considers that the proposal appears to contain adequate safeguards to offset the risks in terms of consistency and uniform application of the Regulation.

Zunanji avtor

This study has been written by Fabrice Naftalski and Louise Fauvel of Ernst & Young Société d’Avocats and Marie Brunagel and Véronique Menez of EY Advisory, at the request of the Ex-Ante Impact Assessment Unit of the Directorate for Impact Assessment and European Added Value, within the Directorate-General for Parliamentary Research Services (DG EPRS) of the European Parliament.