Internet is an integral part of our daily lives: 70% of European citizens use it every day. It’s a tool that allows us to do things like online shopping, apply for a job, or apply for a bank loan – actions that often require you to share personal information almost daily. However, there are many risks in using citizens’ data, such as unauthorized data disclosure, identity theft, or online abuse.
As a result, new
data protection rules have come into force since May 2018: the
General Data Protection Regulation (GDPR). This regulation
provides a set of rules for the processing by a person, firm or
organization of personal data relating to individuals within the EU1.
Thus, all companies operating in the EU, apart from their location,
must comply with a set of rules on data protection.
What are the consequences of this regulation?2
benefit from a level playing field
have greater control over their personal data (ie information
processing data such as address, first name and last name of an
identified or identifiable person)
This gives new
rights to citizens3:
right to receive clear and understandable information about the
people who is
their data, what
and the reason they are processing
right to request access to personal data
right to ask a service provider to transmit your personal data
right “to be forgotten” : you
can ask to delete your personnel data
right to give your consent for
right to be informed if you data is lost or stolen
right to complain if your data protection rights have been violated
rules do not only concern businesses and citizens, but also European
institutions and agencies. In fact, in September 2018, a new
regulation on the processing of data by the EU institutions
What is it about ?
It is a regulation which aims to consistently apply the common data
protection principles (such as unambiguous consent, accountability
and transparency) throughout the Union and therefore it concerns both
the institutions and bodies of the Union.
In this context, the
new rules strengthen the requirements and principles for lawful data
processing. In particular, citizens’ rights are stronger, exceptions
(ie where consent is not required) are clarified and the obligations
on data controllers are further clarified4.
The role of the European Data Protection Supervisor (EDPS), the authority responsible for ensuring that EU institutions comply with the existing data law, has been strengthened. This authority has the power to conduct investigations, offer advice and monitor compliance with the law, either on its own initiative or that of an individual or agent of a European institution. In case of infringement, it may impose fines5.
Laura van Lerberghe
does the General Data Protection Regulation (GDPR) govern? »,
reform of EU data protection rules »,
protection by the EU’s institutions »,
L’article #EUelections – Data protection in the EU est apparu en premier sur Le portail de référence pour l'espace de liberté, sécurité et justice.EU Logos