Interplay entre DSA et GDPR : Guide EDPB

Guidelines 3/2025 on the Interplay between the DSA and the GDPR

The European Data Protection Board (EDPB) has released the Guidelines 3/2025, focusing on the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR). These guidelines aim to clarify how these two significant pieces of legislation interact and complement each other, ensuring a coherent application of data protection principles across digital services.

Understanding the DSA and GDPR

The DSA, a recent legislative framework, seeks to create a safer digital space where the fundamental rights of users are protected, and to establish a level playing field for businesses. On the other hand, the GDPR, which has been in effect since 2018, is designed to protect individuals' personal data and privacy in the European Union and the European Economic Area.

Key Interactions between DSA and GDPR

The guidelines highlight several key areas where the DSA and GDPR intersect. These include the obligations of digital service providers to ensure transparency, accountability, and the protection of personal data. The EDPB emphasizes the importance of these providers understanding their dual responsibilities under both regulations to avoid compliance pitfalls.

Implications for Compliance Officers

For compliance officers, these guidelines serve as a crucial resource for navigating the complex regulatory landscape. They provide detailed insights into how to align organizational practices with both the DSA and GDPR, ensuring that data protection measures are robust and comprehensive.

Quelques pistes pour l'intégration opérationnelle dans votre dispositif :

- Évaluer les pratiques actuelles de protection des données à la lumière des nouvelles exigences du DSA.

- Mettre en place des formations régulières pour le personnel sur les obligations du DSA et du GDPR.

- Collaborer avec les équipes juridiques pour s'assurer que toutes les politiques internes sont conformes aux deux régulations.

- Utiliser des outils technologiques pour surveiller et signaler les violations potentielles de données.

- Élaborer un plan d'action pour répondre rapidement aux incidents de non-conformité.