200 cases
The European Data Protection Board (EDPB) has probably now got over 200* cross-border case to adjudicate on after having them passed on from national data protection regulators (i.e. the various national equivalents of the UK’s Information Commissioner’s Office). The Board acts as a kind of Europe-wide master legislator, both defining what some of the more amorphous clauses of the GDPR mean (as its predecessor body, the Article 29 Working Party did) and judging cross-border cases where individual national regulators can’t.
In amongst those cases it’s fair to assume that there will be some scenarios which will be critical in defining what’s acceptable data management practice in the future. Irrespective of the progress of Brexit, these will be key to British businesses wanting to continue to attract and interact with customers in other European countries. So, the EDPB’s rulings will be keenly awaited – but they may not necessarily benefit from wide publicity as some national GDPR laws (not the UK’s 2018 Data Protection Act) require the anonymisation of bodies fined for infringements.
So, keep an eye out!
*That’s a guesstimate based on the 162 the EDPB’s Chair revealed they had received up to late October
