EC publishes guidance on upcoming new data protection rules
The Commission yesterday published a guidance to facilitate a direct and smooth application of the new data protection rules across the EU as of 25 May. The Commission also launches a new online tool dedicated to SMEs.
With just over 100 days left before the application of the new law, the guidance outlines what the European Commission, national data protection authorities and national administrations should still do to bring the preparation to a successful completion.
While the new regulation provides for a single set of rules directly applicable in all Member States, it will still require significant adjustments in certain aspects, like amending existing laws by EU governments or setting up the European Data Protection Board by data protection authorities. The guidance recalls the main innovations, opportunities opened up by the new rules, takes stock of the preparatory work already undertaken and outlines the work still ahead of the European Commission, national data protection authorities and national administrations.
Andrus Ansip, European Commission Vice-President for the Digital Single Market, said: "Our digital future can only be built on trust. Everyone's privacy has to be protected. Strengthened EU data protection rules will become a reality on 25 May. It is a major step forward and we are committed to making it a success for everyone."
Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, added:" In today's world, the way we handle data will determine to a large extent our economic future and personal safety. We need modern rules to respond to new risks, so we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day."
Commission calls on EU governments and data protection authorities to be ready and provide support
Since the adoption of the General Data Protection Regulation in May 2016, the Commission has actively engaged with all concerned actors — governments, national authorities, businesses, civil society — to prepare the application of the new rules.
Preparations are progressing at various speeds across Member States. At this stage, only two of them have already adopted the relevant national legislation. Member States should speed up the adoption of national legislation and make sure these measures are in line with the Regulation. They should also ensure they equip their national authorities with the necessary financial and human resources to guarantee their independence and efficiency.
The Commission is dedicating EUR 1.7 million to fund data protection authorities, but also to train data protection professionals. A further EUR 2 million is available to support national authorities in reaching out to businesses, in particular SMEs.
New online tool supporting practical application
Knowledge of the benefits and opportunities brought by the new rules is not evenly spread. There is in particular a need to step up awareness and accompany compliance efforts for SMEs.
Yesterday, the Commission launches a new practical online tool to help citizens, businesses, in particular SMEs, and other organisations to comply and benefit from the new data protection rules.
The Commission will also engage in events organised across the Member States to help the stakeholders in their preparation efforts and inform the citizens about the impact of the Regulation.
Recalling the main innovations and new opportunities
The General Data Protection Regulation enables the free flow of data across the Digital Single Market. It will better protect the privacy of Europeansand reinforce trust and security for consumers, while at the same time opening up new opportunities for businesses, especially smaller ones.
The guidance recalls the main elements of the new data protection rules:
- One set of rules across the continent, guaranteeing legal certainty for businesses and the same data protection level across the EU for citizens.
- Same rules apply to all companies offering services in the EU, even if these companies are based outside the EU.
- Stronger and new rights for citizens: the right to information, access and the right to be forgotten are strengthened. A new right to data portability allows citizens to move their data from one company to the other. This will give companies new business opportunities.
- Stronger protection against data breaches: a company experiencing a data breach, which put individuals at risk, has to notify the data protection authority within 72 hours.
- Rules with teeth and deterrent fines: all data protection authorities will have the power to impose fines for up to EUR 20 million or, in the case of a company, 4% of the worldwide annual turnover.
In the run up to 25 May, the Commission will continue to actively support Member States, Data Protection Authorities and businesses to ensure the reform is ready to enter into effect. From May 2018 onward, it will monitor how Member States apply the new rules and take appropriate action as necessary. One year after the Regulation enters into application (2019) the Commission will organise an event to take stock of different stakeholders' experiences of implementing the Regulation. This will also feed into the report the Commission is required to produce by May 2020 on the evaluation and review of the Regulation.
On 6 April 2016, the EU agreed to a major reform of its data protection framework, by adopting the data protection reform package, comprising the General Data Protection Regulation (GDPR) replacing the twenty years old Directive. On 25 May 2018, the new EU-wide data protection rules will become applicable, two years after its adoption and entry into force.
In January 2017, the Commission proposed to align the rules for electronic communications (ePrivacy) with the new world-class standards of the EU's General Data Protection Regulation. In September 2017, the Commission proposed a new set of rules to govern the free flow of non-personal data in the EU. Together with the already existing rules for personal data, the new measures will enable the storage and processing of non-personal data across the Union to boost the competitiveness of European businesses and to modernise public services. Both proposals still need to be agreed by the European Parliament and Member States.
For more information
- Better rules for European businesses
- Better Data Protection rights for European citizens
- Next steps before 25 May
- General Data Protection Regulation: ensuring its enforcement
- Successful application of the Data Protection Reform: a concerted effort
Latest News from
Anti-money laundering: Council agrees its negotiating mandate on transparency of crypto-asset transfers03/12/2021 10:38:00
EU ambassadors recently (01 December 2021) agreed on a mandate to negotiate with the European Parliament on a proposal to update existing rules on information accompanying transfers of funds.
Progress on fishing licences in Guernsey waters03/12/2021 09:25:00
The continuous efforts of the European Commission have led to Guernsey granting permanent fishing licences to 40 vessels, and declaring 3 others as meeting the qualification criteria.
Commission reiterates calls to step up vaccination, rapid deployment of boosters, vigilance and rapid reaction to Omicron variant02/12/2021 16:33:00
The Commission yesterday put forward a common and coordinated EU approach to address effectively the challenges from the resurgence of COVID-19 in many Member States this autumn.
Global Gateway: up to €300 billion for the European Union's strategy to boost sustainable links around the world02/12/2021 15:25:00
The European Commission and the High Representative for Foreign Affairs and Security Policy yesterday launched the Global Gateway, the new European Strategy to boost smart, clean and secure links in digital, energy and transport and strengthen health, education and research systems across the world.
Statement by President von der Leyen on facing current and new COVID-19 challenges02/12/2021 14:33:00
Statement given yesterday by President von der Leyen on facing current and new COVID-19 challenges.
Asylum and return: Commission proposes temporary legal and practical measures to address the emergency situation at the EU's external border with Belarus02/12/2021 13:25:00
The Commission yesterday put forward a set of temporary asylum and return measures to assist Latvia, Lithuania and Poland in addressing the emergency situation at the EU's external border with Belarus.
Modernising judicial cooperation: Commission paves the way for further digitalisation of EU justice systems02/12/2021 12:38:00
The European Commission yesterday adopted several initiatives to digitalise EU justice systems, making them more accessible and effective.
Introductory remarks by Commissioner Gentiloni at the European Parliament's Subcommittee on Tax Matters, 30 November 202102/12/2021 11:33:00
Introductory remarks given recently by Commissioner Gentiloni at the European Parliament's Subcommittee on Tax Matters, 30 November 2021.
Promoting data sharing: presidency reaches deal with Parliament on Data Governance Act02/12/2021 10:38:00
Negotiators from the Council and the European Parliament recently (30 November 2021) reached a provisional agreement on a new law to promote the availability of data and build a trustworthy environment to facilitate its use for research and the creation of innovative new services and products.