Overview
This article ensures that the General Data Protection Regulation (GDPR) does not impose additional obligations on entities already subject to Directive 2002/58/EC, which regulates the provision of publicly available electronic communications services within the Union. GDPR complements existing rules without creating duplicative compliance requirements for these entities.
Key Principles
No Additional Burden: Entities already complying with Directive 2002/58/EC are not subject to extra GDPR obligations.
Complementary Regulation: GDPR applies alongside the Directive, ensuring aligned enforcement.
Scope Specificity: Focuses on publicly available electronic communications services within the EU.
Regulatory Clarity: Prevents overlapping or conflicting requirements for compliance.
Organizational Applicability
This article applies to:
Providers of publicly available electronic communications services in the EU.
Legal and compliance teams ensuring alignment with both GDPR and Directive 2002/58/EC.
Supervisory authorities monitoring compliance for these entities.
Implementation Requirements
Recognize that GDPR obligations do not add to existing obligations under Directive 2002/58/EC.
Document compliance measures taken under the Directive and ensure GDPR alignment.
Communicate internally that no additional GDPR obligations are required for covered services.
Ensure supervisory authorities are aware of the complementary regulatory framework.
Implementation Guidance
Train staff on the relationship between GDPR and Directive 2002/58/EC.
Maintain records demonstrating adherence to Directive 2002/58/EC while complying with GDPR principles.
Periodically review legal frameworks to ensure clarity and alignment between GDPR and Directive 2002/58/EC.
Coordinate with regulatory bodies to clarify responsibilities and avoid redundant compliance measures.
Periodic Review
Frequency: Annually or when regulatory updates occur.
Responsible Role: Compliance Team, Legal Department, or Data Protection Officer (DPO).
Outcome: Ensure smooth regulatory alignment, avoiding duplication of obligations while complying with GDPR.
Non-Compliance Risks
Fines: Up to €20 million or 4% of global annual turnover for GDPR violations.
Legal Exposure: Misinterpretation of, or non-compliance with, GDPR or Directive 2002/58/EC.
Reputational Damage: Loss of trust due to perceived regulatory conflicts or non-compliance.
Operational Risk: Redundant compliance efforts or gaps may disrupt operations and enforcement.