Every day within the EU there is a huge transfer of personal data. Conflicting data protection rules between the countries could cause a big disorder in international transfer. To this end, there were made efforts to unify the rules for the whole EU.
In April this year the EU adopted new legislation in the field of data protection. It consists of a General Data Protection Regulation and the Data Protection Directive for authorities proceeding in criminal cases. The application of these rules will still have to wait for two years. Namely, the official texts of the Regulation and the Directive were published on 4 May 2016. The Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive will enter into force on 5 May 2016 and EU member States have to transpose it into their national law by 6 May 2018.
The rules are regulated in a consistent manner and are applied uniformly on the territory of the whole European Union. It is prescribed that each company belongs to only one authority when it comes to data protection, so they do not have to make reports on their actions regarding data protection within each country separately. This kind of legislation is important because of its efficiency. By stopping legal fragmentation, the expenses of legal entities who will not have to file separate reports on the territory of each country and settle administrative obligations will be reduced, and those expenses can then be used for making new investments. On the other hand, the citizens’ trust in a unified system that applies in each member state will be increased, so they will not be unsure of the level of protection, which would depend on the regulations of a certain country.
Even the businesses which are not located on the territory of the EU will be bound by these rules, if they are targeting consumers from the EU.
The key changes introduced by new legislation:
- “the right to be forgotten” – in case you do not want anymore your data to be used, or there is no ground for it;
- easier access to your data;
- the right to transfer of personal data from one service provider to another;
- clear and affirmative consent when it is required;
- information about data breach without delay – within 72 hours;
- transparency about how your data is used with easy-to-understand information;
- administrative and judicial remedies in the case of violation;
- increased responsibility by processing personal data – through data protection risk assessment and data protection officers.