You are here

Position paper - AmCham EU‘s Recommendations on GDPR Implementation

17 Jan 2017
All Committees
Digital Economy

Executive summary

AmCham EU’s recommendations for the implementation of the General Data Protection Regulation (GDPR) address seven specific aspects with the aim of ensuring a consistent and balanced application across Europe:

  • The one-stop shop: To add clarity, where an organisation designates a location as its main establishment, this should presumptively decide how the “main establishment” is determined.    
  • High-risk processing and Data Protection Impact Assessments (DPIAs): Additional context needs to be provided regarding what constitutes “high risk processing”.
  • Personal data breaches and notification: Guidance is needed regarding the types of breaches that create a “risk” requiring notice to Data Protection Authorities (DPAs), and what additional factors create a “high risk” requiring notice to data subjects. 
  • Approved codes of conduct and certification: They must be pragmatic and should never be less flexible than the basic rules of the GDPR.
  • Data portability: Guidance should clarify that the right covers only data provided by data subjects but not data generated by the service.
  • Sanctions: A balanced use of full spectrum of powers and dialogue with industry should be endorsed by the European Data Protection Board (EDPB).
  • Data protection officers (DPOs): Guidance should clarify, in particular, the meaning of the terms “core activities” and “large-scale processing”.