What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is a European Union regulation that harmonises the rules governing the processing of personal data by private companies and public authorities across the EU. The aim is not only to safeguard the protection of personal data within the European Union, but also to ensure the free movement of data within the European single market.
The new regulation will come into force at the beginning of 2018 and replace the EU Data Protection Directive (Directive 95/46 / EC), which has been in force since 1995.
Uniform data protection in Europe by EU General Data Protection Regulation
The new EU General Data Protection Regulation (GDPR) aims to standardise data protection law within Europe in order to give individuals more control over their data. Accordingly, the same standards in data protection will apply in all EU states in the future, so there will no longer be data protection “retreat areas” within Europe.
Stronger user rights
In the future, users should have easier access to their data. Everyone has the right to know what data is collected about him/her. In addition, the user will be entitled to clear and easily understandable information about who processes his/her data for what purpose, how and where.
This also means that the user must be informed in more detail in the future, if his/her data has been hacked. This should allow the user more time to initiate measures for its protection.
Personal data belongs to the user, not to the Internet service involved in data processing. This principle has not always been taken into account when anyone tried to transfer data from one Internet portal to another. With the new GDPR, the user will have the right to take data from one internet provider to another.
Also strengthened is the right of the user to be ‘forgotten’. So, in the future, it will be easier for the individual to have information about him/her which has been deleted.
Consent in data processing from the age of 16
Children and adolescents like to use the internet. So far, this has not been a problem in most countries, and its consent to the processing of personal data could be obtained at the age of 13, provided that the required level of insight was available.
This is about to change: According to the GDPR, the minimum age for the submission of a legally valid consent to the processing of personal data will now be 16. This will make it much harder for teenagers to sign up for Internet services such as Facebook and Instagram. Critics assume that young people will end up unlawfully registering without consent of their parents.
US companies are bound by European data protection law
The new rules will not apply only to companies based in Europe. From now on, US companies will also have to comply with European data protection requirements if they want to want to offer their services on the European market. The historical argument, that one is only bound to the US-American specifications, will no longer apply.
Higher fines possible
Unlike in the past, the maximum number of fines for data protection violations is no longer given in terms of rigid values; instead, fines of up to 4 percent of the company’s annual turnover can be imposed in the future. Large companies will not like this, they face fines of millions or even billions in the case of violations of data protection law.
Split echo on reform
The reform of the data protection legislation linked to the draft regulation was not met with enthusiasm everywhere.
Critics see in the new regulation a paternalism of the citizen, the delivery of a legally valid declaration of consent by the planned regulations is made considerably more difficult. Ultimately, this would mean an incapacitation of the citizen.
Proponents praise the reform as a milestone in consumer privacy. The planned DSVGO will finally eliminate the existing patchwork of existing data protection regulations within Europe.
Optimal approach for companies
Companies should keep an eye on the further development of GDPR. The two-year transitional period offers companies an excellent opportunity to establish new data protection measures. For more information on how you can safeguard your confidential documents to be in line with the GDPR, please contact us.