EC publishes guidance on upcoming new data protection rules
The Commission yesterday published a guidance to facilitate a direct and smooth application of the new data protection rules across the EU as of 25 May. The Commission also launches a new online tool dedicated to SMEs.
With just over 100 days left before the application of the new law, the guidance outlines what the European Commission, national data protection authorities and national administrations should still do to bring the preparation to a successful completion.
While the new regulation provides for a single set of rules directly applicable in all Member States, it will still require significant adjustments in certain aspects, like amending existing laws by EU governments or setting up the European Data Protection Board by data protection authorities. The guidance recalls the main innovations, opportunities opened up by the new rules, takes stock of the preparatory work already undertaken and outlines the work still ahead of the European Commission, national data protection authorities and national administrations.
Andrus Ansip, European Commission Vice-President for the Digital Single Market, said: "Our digital future can only be built on trust. Everyone's privacy has to be protected. Strengthened EU data protection rules will become a reality on 25 May. It is a major step forward and we are committed to making it a success for everyone."
Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, added:" In today's world, the way we handle data will determine to a large extent our economic future and personal safety. We need modern rules to respond to new risks, so we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day."
Commission calls on EU governments and data protection authorities to be ready and provide support
Since the adoption of the General Data Protection Regulation in May 2016, the Commission has actively engaged with all concerned actors — governments, national authorities, businesses, civil society — to prepare the application of the new rules.
Preparations are progressing at various speeds across Member States. At this stage, only two of them have already adopted the relevant national legislation. Member States should speed up the adoption of national legislation and make sure these measures are in line with the Regulation. They should also ensure they equip their national authorities with the necessary financial and human resources to guarantee their independence and efficiency.
The Commission is dedicating EUR 1.7 million to fund data protection authorities, but also to train data protection professionals. A further EUR 2 million is available to support national authorities in reaching out to businesses, in particular SMEs.
New online tool supporting practical application
Knowledge of the benefits and opportunities brought by the new rules is not evenly spread. There is in particular a need to step up awareness and accompany compliance efforts for SMEs.
Yesterday, the Commission launches a new practical online tool to help citizens, businesses, in particular SMEs, and other organisations to comply and benefit from the new data protection rules.
The Commission will also engage in events organised across the Member States to help the stakeholders in their preparation efforts and inform the citizens about the impact of the Regulation.
Recalling the main innovations and new opportunities
The General Data Protection Regulation enables the free flow of data across the Digital Single Market. It will better protect the privacy of Europeansand reinforce trust and security for consumers, while at the same time opening up new opportunities for businesses, especially smaller ones.
The guidance recalls the main elements of the new data protection rules:
- One set of rules across the continent, guaranteeing legal certainty for businesses and the same data protection level across the EU for citizens.
- Same rules apply to all companies offering services in the EU, even if these companies are based outside the EU.
- Stronger and new rights for citizens: the right to information, access and the right to be forgotten are strengthened. A new right to data portability allows citizens to move their data from one company to the other. This will give companies new business opportunities.
- Stronger protection against data breaches: a company experiencing a data breach, which put individuals at risk, has to notify the data protection authority within 72 hours.
- Rules with teeth and deterrent fines: all data protection authorities will have the power to impose fines for up to EUR 20 million or, in the case of a company, 4% of the worldwide annual turnover.
In the run up to 25 May, the Commission will continue to actively support Member States, Data Protection Authorities and businesses to ensure the reform is ready to enter into effect. From May 2018 onward, it will monitor how Member States apply the new rules and take appropriate action as necessary. One year after the Regulation enters into application (2019) the Commission will organise an event to take stock of different stakeholders' experiences of implementing the Regulation. This will also feed into the report the Commission is required to produce by May 2020 on the evaluation and review of the Regulation.
On 6 April 2016, the EU agreed to a major reform of its data protection framework, by adopting the data protection reform package, comprising the General Data Protection Regulation (GDPR) replacing the twenty years old Directive. On 25 May 2018, the new EU-wide data protection rules will become applicable, two years after its adoption and entry into force.
In January 2017, the Commission proposed to align the rules for electronic communications (ePrivacy) with the new world-class standards of the EU's General Data Protection Regulation. In September 2017, the Commission proposed a new set of rules to govern the free flow of non-personal data in the EU. Together with the already existing rules for personal data, the new measures will enable the storage and processing of non-personal data across the Union to boost the competitiveness of European businesses and to modernise public services. Both proposals still need to be agreed by the European Parliament and Member States.
For more information
- Better rules for European businesses
- Better Data Protection rights for European citizens
- Next steps before 25 May
- General Data Protection Regulation: ensuring its enforcement
- Successful application of the Data Protection Reform: a concerted effort
Latest News from
COVID-19: Budget MEPs call for quick progress on post-2020 contingency plan03/04/2020 14:33:00
Considering the health crisis and consequent delays to finding a timely agreement on the new long-term EU budget, Budget MEPs reiterate their call for an urgent 2021 contingency plan.
ESMA Publishes 24th Extract From Its EECS Database03/04/2020 13:25:00
The European Securities and Markets Authority (ESMA), the EU securities markets regulator, today publishes the 24th extract from its database of enforcement decisions on financial statements.
10 things the EU is doing to fight the coronavirus03/04/2020 12:48:00
Find out what the European Institutions are doing to mitigate the impact of the Covid19 outbreak, protect people and the economy and promote solidarity.
ESMA Publishes 2019 Report on Enforcement of Corporate Disclosure03/04/2020 11:33:00
Convergence work on financial and non-financial disclosure.
Over 35,000 EU asylum officials trained by EASO03/04/2020 10:38:00
Despite the COVID-19 restrictions, EASO continues training Member States’ asylum and reception officials through e-learning and virtual sessions.
Fact-checking Day: Fighting the virus of disinformation on Covid-1903/04/2020 09:25:00
The outbreak of the coronavirus has led to fake news and disinformation spreading, which hamper efforts to contain the pandemic.
Robust monitoring and targets are key in shifting Europe to a more circular economy02/04/2020 15:25:00
Introducing more robust monitoring and targets to spur Europe’s move to a circular economy would help improve resource efficiency, according to a European Environment Agency (EEA) report published yesterday.
ESMA Advises The European Commission on Inducements And Costs And Charges Disclosures02/04/2020 14:33:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, yesterday published its advice to the European Commission (EC) on inducements and costs and charges disclosures under MiFID II.
Statement by Frans Timmermans, Executive Vice-President for the European Green Deal, on the announcement to postpone the COP2602/04/2020 13:25:00
Statement given yesterday by Frans Timmermans, Executive Vice-President for the European Green Deal, on the announcement to postpone the COP26.