The EU GDPR (General Data Protection Regulation) is a reform aimed at improving data protection law within the European Union; it is an integral part of EU privacy and human rights law. The EU adopted the final GDPR text in April 2016. Because it is a Regulation rather than a Directive, it is directly applicable in all 28 EU member states without any need for national implementing legislation. The Regulation entered into force on 24 May 2016 and applies from 25 May 2018, the date by which organisations must be compliant.
Here are the 10 key points covered by the new EU data protection law:
1. One Regulation applying in all 28 EU countries
Today there is a patchwork of different laws and practices across the EU member states, because each one transposed the 1995 Data Protection Directive in its own way. With the GDPR, a single data protection law will apply across all 28 countries in the European Union. This is meant to bring more consistent regulation, reduce compliance overhead for businesses operating in several member states and facilitate the use of cloud computing.
2. Data Protection is the responsibility of Data Controllers and Processors
Any company or individual that controls or processes personal data is responsible for protecting it, and this includes third parties such as cloud providers acting as processors. It is their job to ensure that the right technical and organisational measures are in place to protect the data from breach, loss, alteration, unauthorised disclosure or dissemination.
3. Data Protection by design and default
Companies will need to review their existing designs and processes to ensure they meet the Regulation's requirements. Data protection has to be scoped in from the initial planning stage of a product or service rather than bolted on afterwards, and the default settings should collect and expose only the personal data necessary for each specific purpose.
4. Tighter rules for Data Collection
Under the GDPR, personal data of individuals in the EU may only be collected lawfully under strict conditions and for specified, legitimate purposes, and no more data may be collected than is necessary for those purposes. The rule applies wherever in the EU the data is processed, so individuals' data is protected anywhere in the EU.
5. Consent and Right to be Forgotten
The law gives individuals more control over their personal data. Where processing relies on consent, that consent must be given by a clear affirmative action, and individuals have the right to withdraw it at any time; consent is, however, only one of several lawful bases for processing, alongside for example performance of a contract or a legal obligation. Individuals also have the right to erasure, often called the right to be forgotten, under which a company or institution must delete their personal data in certain circumstances, for example when the data is no longer necessary for the purpose it was collected for or when consent is withdrawn.
6. Users have the right to make compensation claims
The law empowers individuals not only to protect their data but also to seek redress. Anyone who suffers material or non-material damage because their personal data was processed in breach of the Regulation can claim compensation from the controller or processor, and can lodge a complaint with a supervisory authority.
7. Communication of user rights
Under the new data protection law, it is the company's responsibility to tell individuals clearly and in plain language that it needs their personal data, which data it collects, for what purpose, and for how long it will be kept. Companies must also inform individuals that they have the legal right to withdraw their consent and to have their personal information erased at any time.
8. Mandatory reporting of data breaches within 72 hours
If a personal data breach occurs, the supervisory authority must be notified without undue delay and, where feasible, within 72 hours of the company becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the notification is made later than 72 hours, the company must give the reasons for the delay. If the breach is likely to result in a high risk to the affected individuals, they must be informed as well. Earlier drafts of the Regulation proposed a 24-hour deadline; the final text settled on 72 hours.
9. Strict sanctions for not complying with EU GDPR
Strict sanctions will apply to companies that fail to comply with the Regulation. Fines for the most serious infringements can reach 20 million euros or 4% of worldwide annual turnover, whichever is higher; a lower tier of up to 10 million euros or 2% applies to infringements such as failing to notify a breach or neglecting data protection by design.
10. Transfer of Data outside the EU
Personal data can circulate freely within the EU, since the same level of protection applies everywhere in the Union. Transfers to a third country outside the EU, however, are tightly regulated: they are only allowed where the Commission has decided that the country ensures an adequate level of protection, or where appropriate safeguards such as standard contractual clauses or binding corporate rules are in place, and any EU personal data processed abroad remains subject to this Regulation.
Once the GDPR applies across the EU, the hope is that it gives individuals back control over their personal data and simplifies the regulatory environment for business. The reform is intended to let citizens and companies fully reap the benefits of the digital economy in a safe environment.