12. March 2018
GDPR Legal Issues: Protection of Personal Data
In this article, we focus on the first of the two new legal instruments created as part of the GDPR: the general regulation regarding the protection of personal data, and its role as a tool to strengthen individual rights.
The new EU privacy regulation in detail
In January 2016, the European Union published a draft of the new General Data Protection Regulation (GDPR), which will replace the existing EU legislation on the protection of personal data, the Data Protection Directive adopted in 1995 (officially Directive 95/46/EC).
In May 2016, the General Data Protection Regulation was published in the Official Journal of the European Union. As with all European regulations, the GDPR entered into force throughout the EU 20 days after its publication (i.e. on May 25th 2016). The regulation stipulates a two-year transition period to comply and come into line with the new legal provisions, which means that it will be fully applicable from May 25th 2018.
The new regulation is a global milestone in terms of legislation regarding data processing and will serve to strengthen existing rights and give individuals more powers and control over their personal data while creating business opportunities and encouraging innovation.
GDPR – Strengthening the rights of individuals
The Regulation covers both consumers and businesses and is primarily intended to strengthen existing rights and provide individuals with more control over their personal data, especially regarding:
- Simplified access to data: people will have more information about how their data is processed. This information will have to be presented in a clear and comprehensible manner;
- Right to data transferability: it will be easier to transfer your personal data between different service providers;
- Right to be forgotten: if an individual no longer wants their data to be processed, and can prove that there is no reason for the data to be stored, then their data must be deleted;
- Processing of children’s personal data: conditions are introduced regarding the legality of the processing of a child’s personal data for information services offered directly to the child;
- Right to know when data has been violated: companies and organisations must notify national supervisory authorities as soon as possible in the event of serious personal data breaches so that users can take appropriate measures.
In our next article, we will continue to focus on these two new legal instruments, and further analyse and clarify relevant aspects of the new European Data Protection Regulation regarding commercial issues including GDPR business opportunities and innovation.
AMAGNO has been designed and built with regulatory compliance in mind, meeting even the most modern data protection frameworks such as the new GDPR, and as an ECM or DMS it can be the perfect foundation for your data protection strategy.
GDPR – A Legal Milestone for the Digital Era
The GDPR is based on Article 16 of the Treaty on the Functioning of the European Union (TFEU), which allows the adoption of legislation on the protection of individuals with regard to the processing of personal data. This includes the adoption of legislation on the free exchange of personal data, including personal data processed by Member States or private parties.
The reform creates two legal instruments:
- A General Regulation regarding the protection of personal data, directly concerning the collection and processing of personal data and the free movement of such data (which is what we are generally most interested in, as businesses and consumers);
- The Data Protection Directive on Police and Criminal Justice Cooperation, which will ensure that data relating to victims, witnesses and individuals suspected of a crime are duly protected during an investigation or the enforcement of a criminal sentence. Similarly, more harmonised laws will facilitate cooperation between police or prosecutors in neighbouring countries to combat crime and terrorism effectively across Europe.
It is important to clarify that the GDPR is a regulation, not a directive as in the case of the previous EU legislation on the topic of data protection: Directive 95/46/EC. These two terms are often erroneously used as synonyms; in reality, they have very different meanings. A directive is adopted throughout the European Union and then implemented through the legislation of individual countries (i.e. it is incorporated by each individual State and converted into part of their national law), whereas a regulation, once adopted, becomes immediately applicable as a law in all EU States simultaneously.