European Data Protection Supervisor (EDPS) ViDA opinion summary published
The European Data Protection Supervisor (EDPS) holds a prominent role within the wider European Commission’s infrastructure. As the name suggests, it monitors and helps to regulate the protection of personal data in the EU. It is unsurprising that the European Commission has sought the expertise of the EDPS in relation to the VAT in the Digital Age (ViDA) proposal. The ViDA proposal, in imposing additional e-reporting obligations on Member States, will immediately raise questions about the security and safekeeping of personal data. This becomes even more critical as the spotlight on data quality is set to intensify with yet further mandatory requirements for invoice data content in line with the proposal. Further to the EDPS’ review of the ViDA proposal, the European Commission has now published the summary of the previously published EDPS opinions concerning ViDA. The EDPS recommendations focus predominantly on the issue of data security and safekeeping to ensure the European data protection rules of individuals. These recommendations include, but are not limited, to the following:
- The ViDA proposal should confirm all instances where data pertaining to an individual will be subject to further processing
- The ViDA proposal should specify the specific obligations which will merit access to the personal data included in the central directory
- The ViDA proposal should specify in a provision how long data can be retained and if so, how the data should be deleted after it is no longer required.