Mr. Dale Sunderland:

Others may have views on it, but from our perspective and as Mr. Carroll mentioned, under the general data protection regulation, GDPR, on a legislative basis in national member states, a Union law is required. It depends on the level of interference with an individual's privacy rights. It may be that if there is a low level of interference, the legislation under which a body is established will be sufficient in processing the data. However, if the level of intrusion is much greater in terms of the protection of an individual's privacy rights, it may be the case that more specific legislation will be required. That is part of of the analysis.

It is important to note that the core themes of the new general data protection regulation are accountability and transparency. It is essential that there be transparency for the public and the individual on how their data are being used, the purposes for which they are being used and how they will be kept. That is an essential core aspect of meeting compliance requirements under data protection law. Accountability in an organisation relates to how it meets the requirements under the law. We recommend - it will be an absolutely essential requirement under the GDPR - that every organisation approach its data protection obligations from these two perspectives and ensure it meets the necessary standards.