13. March 2018
GDPR Opportunities for Business
In this article, we will focus on the first of the two new legal instruments created as part of the GDPR, specifically, the general regulation regarding the protection of personal data and aspects relevant for business and commerce. Click on the links here to find out more information about how digital file storage and document management systems can help your organisation prepare for GDPR.
The new EU privacy regulation in detail
In January 2016, the European Union published a draft of the new General Data Protection Regulation (GDPR), which will replace the existing EU legislation on the protection of personal data: the Data Protection Directive adopted in 1995 (officially Directive 95/46/EC).
In May 2016, the General Data Protection Regulation was published in the Official Journal of the European Union. As with all European regulations, the GDPR entered into force throughout the EU 20 days after its publication (i.e. on May 25th 2016). The regulation stipulates a two-year transition period for organisations to come into line with the new legal provisions, which means that it will be fully applicable from May 25th 2018.
The new regulation is a global milestone in terms of legislation regarding data processing and will serve to strengthen existing rights and give individuals more powers and control over their personal data while creating business opportunities and encouraging innovation.
GDPR – Commercial Aspects and Opportunities
By unifying European data protection legislation, the EU aims to create new business opportunities and encourage innovation. The new GDPR regulation introduces some new principles:
- One continent, one law: the regulation establishes a single set of rules to make it easier and cheaper for companies to do business in the European Union;
- One single regulator: there will be just one Supervisory Authority, which will mean a saving of around €2.3 billion per year;
- Worldwide effects: non-EU companies will still have to apply European legislation when offering services in the European Union;
- A risk-based approach: the regulation will not impose the same level of obligations on everyone and will be adapted depending on each party’s specific risks;
- Innovation-friendly: The GDPR will ensure that personal data protection is integrated into products and services from the early stages of any process (Data protection by design). Different privacy practices, such as the use of pseudonyms, will be encouraged to exploit the benefits of big data, while still protecting privacy.
The GDPR reform will cut the costs and bureaucracy of European trade, particularly in the case of Small & Medium-Sized Enterprises (SMEs) across the continent. EU data protection reform will give SMEs advantages to develop new markets. The GDPR will enable SMEs to benefit from a reduction in red tape and bureaucracy including:
- Notifying regulators has become a very costly “formality”, i.e. more than €130 million per year. This reform eliminates the need for such notifications;
- In the event of obviously unjustified requests for access to data, SMEs will be able to charge a fee to provide such access;
- SMEs will be exempt from having to appoint a personal data controller in so far as the processing of personal data is not the main activity of the company;
- SMEs will not be required to carry out impact assessment unless there is a high risk;
- Personal data protection when relevant laws apply;
- Improved cooperation between law enforcement authorities.
To find out more about how the GDPR strengthens individual rights with regard to personal data protection, please read our article here. In following articles, we will continue to focus on these two new legal instruments, and further analyse and clarify relevant aspects of the new European Data Protection Regulation, focusing on aspects that can help your company prepare for GDPR.
AMAGNO has been designed and built with regulatory compliance in mind, meeting even the most modern data protection frameworks such as the new GDPR, and as an ECM or DMS it can be the perfect foundation for your data protection strategy.
GDPR – A Legal Milestone for the Digital Era
The GDPR is based on Article 16 of the Treaty on the Functioning of the European Union (TFEU), which allows the adoption of legislation on the protection of individuals with regard to the processing of personal data. This includes the adoption of legislation on the free exchange of personal data, including personal data processed by Member States or private parties.
The reform creates two legal instruments:
- A General Regulation regarding the protection of personal data, directly concerning the collection and processing of personal data and the free movement of such data (which is what we are generally most interested in, as businesses and consumers);
- The Data Protection Directive on Police and Criminal Justice Cooperation, which will ensure that data relating to victims, witnesses and individuals suspected of a crime are duly protected during an investigation or the enforcement of a criminal sentence. Similarly, more harmonised laws will facilitate cooperation between police or prosecutors in neighbouring countries to combat crime and terrorism effectively across Europe.
It is important to clarify that the GDPR is a regulation, not a directive as in the case of the previous EU legislation on the topic of data protection: Directive 95/46/EC. These two terms are often erroneously used as synonyms; in reality, they have very different meanings. A directive is adopted throughout the European Union and then implemented through the legislation of individual countries (i.e. it is incorporated by each individual State and converted into part of their national law), whereas a regulation, once adopted, becomes immediately applicable as a law in all EU States simultaneously.