Internet is an integral part of our daily lives: 70% of European citizens use it every day. It’s a tool that allows us to do things like online shopping, apply for a job, or apply for a bank loan – actions that often require you to share personal information almost daily. However, there are many risks in using citizens’ data, such as unauthorized data disclosure, identity theft, or online abuse.

As a result, new
data protection rules have come into force since May 2018: the
General Data Protection Regulation
(GDPR). This regulation
provides a set of rules for the processing by a person, firm or
organization of personal data relating to individuals within the EU1.
Thus, all companies operating in the EU, apart from their location,
must comply with a set of rules on data protection.

What are the consequences of this regulation?2

  • Companies
    benefit from a level playing field
  • Citizens
    have greater control over their personal data (ie information
    processing data such as address, first name and last name of an
    identified or identifiable person)

This gives new
rights to citizens3:

  • a
    right to receive clear and understandable information about the
    people who is
    their data, what
    data they
    are processing
    and the reason they are processing
  • a
    right to request access to personal data
  • a
    right to ask a service provider to transmit your personal data
  • a
    right “to be forgotten” : you
    can ask to delete your personnel data
  • a
    right to give your consent for
    your data
  • a
    right to be informed if you data is lost or stolen
  • a
    right to complain if your data protection rights have been violated

rules do not only concern businesses and citizens, but also European
institutions and agencies. In fact, in September 2018, a new
regulation on the processing of data by the EU institutions

was voted
by Parliament.

What is it about ?
It is a regulation which aims to consistently apply the common data
protection principles (such as unambiguous consent, accountability
and transparency) throughout the Union and therefore it concerns both
the institutions and bodies of the Union.

In this context, the
new rules strengthen the requirements and principles for lawful data
processing. In particular, citizens’ rights are stronger, exceptions
(ie where consent is not required) are clarified and the obligations
on data controllers are further clarified4.

The role of the European Data Protection Supervisor (EDPS), the authority responsible for ensuring that EU institutions comply with the existing data law, has been strengthened. This authority has the power to conduct investigations, offer advice and monitor compliance with the law, either on its own initiative or that of an individual or agent of a European institution. In case of infringement, it may impose fines5.

Laura van Lerberghe

1« What
does the General Data Protection Regulation (GDPR) govern? »,

2« 2018
reform of EU data protection rules »,


4« Data
protection by the EU’s institutions »,


L’article #EUelections – Data protection in the EU est apparu en premier sur Le portail de référence pour l'espace de liberté, sécurité et justice.

Author :