EC publishes guidance on upcoming new data protection rules
The Commission yesterday published a guidance to facilitate a direct and smooth application of the new data protection rules across the EU as of 25 May. The Commission also launches a new online tool dedicated to SMEs.
With just over 100 days left before the application of the new law, the guidance outlines what the European Commission, national data protection authorities and national administrations should still do to bring the preparation to a successful completion.
While the new regulation provides for a single set of rules directly applicable in all Member States, it will still require significant adjustments in certain aspects, like amending existing laws by EU governments or setting up the European Data Protection Board by data protection authorities. The guidance recalls the main innovations, opportunities opened up by the new rules, takes stock of the preparatory work already undertaken and outlines the work still ahead of the European Commission, national data protection authorities and national administrations.
Andrus Ansip, European Commission Vice-President for the Digital Single Market, said: "Our digital future can only be built on trust. Everyone's privacy has to be protected. Strengthened EU data protection rules will become a reality on 25 May. It is a major step forward and we are committed to making it a success for everyone."
Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, added:" In today's world, the way we handle data will determine to a large extent our economic future and personal safety. We need modern rules to respond to new risks, so we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day."
Commission calls on EU governments and data protection authorities to be ready and provide support
Since the adoption of the General Data Protection Regulation in May 2016, the Commission has actively engaged with all concerned actors — governments, national authorities, businesses, civil society — to prepare the application of the new rules.
Preparations are progressing at various speeds across Member States. At this stage, only two of them have already adopted the relevant national legislation. Member States should speed up the adoption of national legislation and make sure these measures are in line with the Regulation. They should also ensure they equip their national authorities with the necessary financial and human resources to guarantee their independence and efficiency.
The Commission is dedicating EUR 1.7 million to fund data protection authorities, but also to train data protection professionals. A further EUR 2 million is available to support national authorities in reaching out to businesses, in particular SMEs.
New online tool supporting practical application
Knowledge of the benefits and opportunities brought by the new rules is not evenly spread. There is in particular a need to step up awareness and accompany compliance efforts for SMEs.
Yesterday, the Commission launches a new practical online tool to help citizens, businesses, in particular SMEs, and other organisations to comply and benefit from the new data protection rules.
The Commission will also engage in events organised across the Member States to help the stakeholders in their preparation efforts and inform the citizens about the impact of the Regulation.
Recalling the main innovations and new opportunities
The General Data Protection Regulation enables the free flow of data across the Digital Single Market. It will better protect the privacy of Europeansand reinforce trust and security for consumers, while at the same time opening up new opportunities for businesses, especially smaller ones.
The guidance recalls the main elements of the new data protection rules:
- One set of rules across the continent, guaranteeing legal certainty for businesses and the same data protection level across the EU for citizens.
- Same rules apply to all companies offering services in the EU, even if these companies are based outside the EU.
- Stronger and new rights for citizens: the right to information, access and the right to be forgotten are strengthened. A new right to data portability allows citizens to move their data from one company to the other. This will give companies new business opportunities.
- Stronger protection against data breaches: a company experiencing a data breach, which put individuals at risk, has to notify the data protection authority within 72 hours.
- Rules with teeth and deterrent fines: all data protection authorities will have the power to impose fines for up to EUR 20 million or, in the case of a company, 4% of the worldwide annual turnover.
In the run up to 25 May, the Commission will continue to actively support Member States, Data Protection Authorities and businesses to ensure the reform is ready to enter into effect. From May 2018 onward, it will monitor how Member States apply the new rules and take appropriate action as necessary. One year after the Regulation enters into application (2019) the Commission will organise an event to take stock of different stakeholders' experiences of implementing the Regulation. This will also feed into the report the Commission is required to produce by May 2020 on the evaluation and review of the Regulation.
On 6 April 2016, the EU agreed to a major reform of its data protection framework, by adopting the data protection reform package, comprising the General Data Protection Regulation (GDPR) replacing the twenty years old Directive. On 25 May 2018, the new EU-wide data protection rules will become applicable, two years after its adoption and entry into force.
In January 2017, the Commission proposed to align the rules for electronic communications (ePrivacy) with the new world-class standards of the EU's General Data Protection Regulation. In September 2017, the Commission proposed a new set of rules to govern the free flow of non-personal data in the EU. Together with the already existing rules for personal data, the new measures will enable the storage and processing of non-personal data across the Union to boost the competitiveness of European businesses and to modernise public services. Both proposals still need to be agreed by the European Parliament and Member States.
For more information
- Better rules for European businesses
- Better Data Protection rights for European citizens
- Next steps before 25 May
- General Data Protection Regulation: ensuring its enforcement
- Successful application of the Data Protection Reform: a concerted effort
- Christian WIGAND (+32 2 296 22 53)
- Melanie VOIN (+ 32 2 295 86 59)
General public inquiries: Europe Direct by phone 00 800 67 89 10 11 or by email
Latest News from
Climate change: Deal on a more ambitious Emissions Trading System (ETS)20/12/2022 10:33:00
On Saturday night, MEPs and EU governments agreed to reform the Emissions Trading System to further reduce industrial emissions and invest more in climate friendly technologies.
EU and Ukraine sign €100 million for the rehabilitation of war-damaged schools *20/12/2022 09:25:00
Exactly three months after President von der Leyen's announcement in her 2022 State of the Union Address, the European Commission and the Government of Ukraine have signed a €100 million support package for the reconstruction and rehabilitation of schooling facilities damaged in Russia's full-scale war of aggression against Ukraine.
NextGenerationEU: European Commission endorses positive preliminary assessment of Portugal's second request for €1.8 billion disbursement under the Recovery and Resilience Facility19/12/2022 16:33:00
The European Commission recently (16 December 2022) endorsed a positive preliminary assessment of Portugal's payment request for €1.8 billion of grants and loans under the Recovery and Resilience Facility (RRF), the key instrument at the heart of NextGenerationEU.
'Fit for 55': Council and Parliament reach provisional deal on EU emissions trading system and the Social Climate Fund19/12/2022 15:25:00
The Council and the European Parliament reached a provisional political agreement on important legislative proposals of the ‘Fit for 55’ package that will further reduce emissions and address their social impacts.
Ukraine: EU agrees ninth package of sanctions against Russia19/12/2022 14:33:00
The Commission welcomes the Council's adoption of a ninth package of hard-hitting sanctions against Russia for its aggression against Ukraine.
Council and European Parliament agree on new safety requirements for machinery products19/12/2022 13:25:00
The Council and the European Parliament negotiators have reached a provisional agreement on the regulation for machinery products. The proposed legislation transforms the 2006 machinery directive into a regulation.
Human rights breaches in China, Chad and Bahrain19/12/2022 12:38:00
On Thursday, the European Parliament adopted three resolutions on the respect for human rights in China, Chad and Bahrain.
Commission welcomes political agreement on new rules to ensure the safety of machinery and robots19/12/2022 11:33:00
The Commission welcomes the political agreement reached by the European Parliament and the Council of the European Union on a new Machinery Regulation.
EU Cohesion Policy: €223.8 million for a just climate transition in Portugal19/12/2022 10:38:00
Portugal will receive more than €223.8 million under the Just Transition Fund (JTF) following hte recent (15 December 2022) adoption of three multi-fund programmes that include the Territorial Just Transition Plans (TJTPs).