The European Parliament today voted in favour of major reforms to data protection in the EU, first put forward in January 2012 as a replacement for the current rules, which were drawn up in 1995. The new law is done and dusted and will come into action in April 2018.
There are two components to the new law: the General Data Protection Regulation (GDPR), which is designed to give EU citizens better control of their personal data, and the Data Protection Directive, which covers how personal data is used by police in the EU.
General Data Protection Regulation
There are a number of key elements for EU citizens in the GDPR. Under the new rules, individuals will have more information on how their personal data is processed. Data protection must be "by default" and "by design" for products and services, and privacy-friendly default settings will be the norm, for example on social networks or apps.
Under the GDPR, personal data will be portable, so that it can be moved more easily between different online services. The so-called "right to be forgotten"—actually, a right to be removed from the results of search engines—is clarified under the GDPR. Companies and organisations will be obliged to inform national supervisory bodies of serious data breaches so that users can take appropriate measures.
The Greens MEP Jan Philipp Albrecht, who did more than anyone to shepherd the GDPR through the legislative process, said afterwards: "The new rules will give users back the right to decide on their own private data. Businesses that have accessed users' data for a specific purpose would generally not be allowed to transfer the data without the user being asked. Users will have to give clear consent for their data to be used."
Another big benefit for citizens is that the new rules will be backed up by much stronger enforcement: data protection authorities will be able to fine companies that do not comply up to 4 percent of global annual turnover—that could be billions of euros for top US Internet companies. That threat should help to focus corporate minds when it comes to protecting the personal data of EU citizens.
The European Commission claims that the GDPR will also bring benefits for businesses, notably the fact there will be a single, pan-European law for data protection, rather than a confusing patchwork of 28 rules. Small- and medium-sized enterprises will enjoy simplified data protection requirements. For example, they will no longer be required to appoint a special data protection officer nor keep records of all their data processing activities.
Read more: Massive EU data protection overhaul finally approved