Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends
Posted in International/EU Privacy

How To Work With Your European Data Protection Authority

Globe with fiber opticsAt this week’s IAPP Privacy Academy in Seattle, Washington, Harriet Pearson, Partner in the Hogan Lovells Privacy and Information Management Practice, hosted a breakout session entitled How to Work with Your European Data Protection Authority.  The Session featured Billy Hawkes, Data Protection Commissioner of Ireland, and focused on providing privacy practitioners with practical advice on how to approach a Data Protection Authority (DPA) and earn their trust. The session also addressed practical compliance questions for European markets, gave advice on making successful regulatory filings, and gave tips for handling complaints and other challenging situations.

Hogan Lovells has published Working with your European Data Protection Authority, a quick-reference resource guide on how to build a productive relationship with your DPA and featuring contact information of all national European Data Protection Authorities and the European Data Protection Supervisor.

From the European DPA resource guide:

10 Steps to a Productive Relationship with your DPA 

  1. In the jurisdictions important to your organization, identify the DPAs and their key staff.
  2. Understand the DPA’s current priorities and prior statements and positions.
  3. Identify the filing and registration requirements in the DPA’s jurisdiction, and make sure your organization takes steps to comply.
  4. Document key features of your privacy program and be prepared to explain if and when requested by your DPA.
  5. Consider whether to ask for an introductory meeting with the DPA or staff.
  6. Don’t assume DPA knows your company, even if you work for a “brand” name — educate them!
  7. Join and participate–if possible–in local group or association meetings with DPA or staff.
  8. Consider proactive approach – direct or through third party – to test DPA reaction to key projects.
  9. Handle data subject complaints promptly, before they escalate to DPA.
  10. Attend and network at key international conferences attended by DPAs