New EU Data Protection Regulations imminent

16th December 2015

On the 15th December 2015 the EU Parliament and Commission agreed the text of the European Commission EU Data Protection Reform proposed in 2012

It has been a long time coming with much argument, but the final text has been agreed, and expected to be signed off next week. Below is the latest information we have on the actual content of the new Regulations.

The Reform consists of two instruments:

  • The General Data Protection Regulation will enable people to better control their personal data. At the same time modernised and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by cutting red tape and benefiting from reinforced consumer trust.
  • The Data Protection Directive for the police and criminal justice sector will ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action. At the same time more harmonised laws will also facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.

The main benefits to citizens are:

  • easier access to your own data: individuals will have more information on how their data is processed and this information should be available in a clear and understandable way;
  • a right to data portability: it will be easier to transfer your personal data between service providers;
  • right to be forgotten: when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted;
  • the right to know when your data has been hacked: For example, companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.

Clear modern rules for businesses
In today’s digital economy, personal data has acquired enormous economic significance, in particular in the area of big data. By unifying Europe’s rules on data protection, lawmakers are creating a business opportunity and encouraging innovation.

  • One continent, one law: The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.
  • One-stop-shop: businesses will only have to deal with one single supervisory authority. This is estimated to save €2.3 billion per year.
  • European rules on European soil– companies based outside of Europe will have to apply the same rules when offering services in the EU.
  • Risk-based approach: the rules will avoid a burdensome one-size-fits-all obligation and rather tailor them to the respective risks.
  • Rules fit for innovation: the regulation will guarantee that data protection safeguards are built into products and services from the earliest stage of development (Data protection by design).
  • Privacy-friendly techniques such as pseudonomysation will be encouraged, to reap the benefits of big data innovation while protecting privacy.

Benefits for big and small alike
The data protection reform will stimulate economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). The EU’s data protection reform will help SMEs break into new markets. Under the new rules, SMEs will benefit from four reductions in red tape:

  • No more notifications: No longer need to Notifications to supervisory authorities, in the case of the UK, the ICO, are a formality that represents a cost for business of €130 million every year. The reform will scrap these entirely.
  • Every penny counts: Where requests to access data are manifestly unfounded or excessive, SMEs will be able to charge a fee for providing access.
  • Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.
  • Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a high risk.

Protecting personal data in the area of law enforcement

  • Better cooperation between law enforcement authorities
    With the new Data Protection Directive for Police and Criminal Justice Authorities, law enforcement authorities in EU Member States will be able to exchange information necessary for investigations more efficiently and effectively, improving cooperation in the fight against terrorism and other serious crime in Europe.
    The Data Protection Directive for Police and Criminal Justice Authorities takes account of the specific needs of law enforcement, respects the different legal traditions in Member States and is fully in line with the Charter of Fundamental Rights.
  • Better protection of citizens ‘data
    Individuals’ personal data will be better protected, when processed for any law enforcement purpose including prevention of crime. It will protect everyone – regardless of whether they are a victim, criminal or witness. All law enforcement processing in the Union must comply with the principles of necessity, proportionality and legality, with appropriate safeguards for the individuals. Supervision is ensured by independent national data protection authorities, and effective judicial remedies must be provided.The Data Protection Directive for Police and Criminal Justice Authorities provides clear rules for the transfer of personal data by law enforcement authorities outside the EU, to ensure that the level of protection of individuals guaranteed in the EU is not undermined.

What do you need to do next?

It is believed that the final texts will be formally adopted by the European Parliament and Council at the beginning 2016. The new rules will become applicable two years thereafter. So start planning for the changes as swiftly as possible

For more information see EU Data Protection Reform

The agreed final text of the GDPR has now been published

Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.