Overview

This article defines the Commission’s power to adopt delegated acts under Articles 12(8) and 43(8). The delegation is granted indefinitely from May 24, 2016, but may be revoked by the European Parliament or the Council. A delegated act takes effect unless an objection is raised within three months, a period extendable by an additional three months, and notification is given to both institutions.

Key Principles

  • Delegation of Authority: The Commission can adopt delegated acts under specified GDPR provisions.

  • Indefinite Delegation: Power granted from May 24, 2016, unless revoked.

  • Parliamentary Oversight: European Parliament and Council may revoke the delegation.

  • Objection Period: Delegated acts take effect unless objected to within three months (extendable).

  • Transparency: Notifications of delegated acts and objections are communicated to both legislative bodies.

Organizational Applicability

This article applies to:

  • European Commission officials responsible for adopting delegated acts.

  • European Parliament and Council monitoring and reviewing delegated acts.

  • Supervisory authorities and controllers/processors affected by delegated acts.

  • Legal and compliance teams tracking regulatory updates and delegated legislation.

Implementation Requirements

  • Monitor and document delegated acts adopted by the Commission under Articles 12(8) and 43(8).

  • Ensure awareness of objection timelines and extension provisions.

  • Communicate relevant acts and updates to affected supervisory authorities, controllers, and processors.

  • Track any revocation of delegation by Parliament or Council.

Implementation Guidance

  • Maintain a registry of delegated acts and notification timelines.

  • Train legal and compliance teams on implications of delegated acts for organizational operations.

  • Establish internal procedures to respond to changes or objections related to delegated acts.

  • Periodically review delegated acts for impact on GDPR compliance and operations.

Periodic Review

  • Frequency: Annually or when new delegated acts are adopted or objections occur.

  • Responsible Role: Compliance Team, Legal Department, or DPO.

  • Outcome: Ensure awareness, compliance, and timely response to delegated acts adopted by the Commission.

Non-Compliance Risks

  • Fines: Up to €20 million or 4% of global annual turnover for non-compliance with GDPR provisions impacted by delegated acts.

  • Legal Exposure: Challenges or violations arising from unawareness or misinterpretation of delegated acts.

  • Reputational Damage: Loss of trust due to failure to adhere to delegated regulations.

  • Operational Risk: Delays or errors in compliance processes due to overlooked delegated legislation.