GDPR. Ready or Not, Here it Comes.

Last month, the current Working Party 29 Chair and French Privacy Chief, Isabelle Falque-Pierrotin, expressed concerns that the EU Data Protection Authorities (DPAs) aren’t ready for the May GDPR deadline — casting more uncertainty over how the GDPR will be implemented in practice.

Founded in 1995, the Article 29 Working Party, or WP29, serves as an advisory board on data protection directives for the European Union and has established guidelines for the GDPR rollout. Its recommendations aren’t necessarily binding, but its taken very, very seriously by lawyers and DPAs alike.

Specifically, under the Article 63: Consistency Mechanism, of the GDPR, there’s a “consistency mechanism” mandate, also referred to as a “one-stop-shop” provision, which presses DPAs to ensure they’re enforcing the regulation consistently throughout the EU. As stated by the good folks at ReedSmith’s Technology Law Dispatch

DPAs are responsible for enforcing data protection laws at the national level, and provid[ing] guidance on the interpretation of those laws. To ensure the consistent application of the GDPR, DPAs in each member state should cooperate through the consistency mechanism (GDPR, Article 63). The consistency mechanism kicks in when a DPA makes a decision affecting data processing across multiple members states that would substantially impact a significant number of data subjects.

To make the outlook for GDPR enforcement even more volatile, in January, the Irish Times reported that the European Commission identified only two member states that are ready for the GDPR: Germany and Austria.

All of which highlights how important it is to follow developments within the EU as companies get ready to comply with the GDPR, and how the enforcement environment will evolve after the GDPR begins to be implemented on May 25th. It’s clear that regulators and companies alike will face a learning curve come May 25th.

Our customers have been using Immuta to prepare for this changing regulatory environment and ensure they are fully compliant with the GDPR. We provide the industry’s only enterprise data management platform for data science, enabling organizations to understand and manage the risks associated with the data being used for their predictive and machine learning models.

The Immuta platform makes it incredibly easy for enterprises to comply with industry regulations. Through our platform, you can enforce purpose-based restrictions on data, apply complex policies, apply differential privacy to any database, and have complete control of your data environment. To learn more about how Immuta can help your organization prepare for the GDPR, download our sample GDPR memo or reach out to us at