eBook on the EU’s General Data Protection Regulation
MITLA has launched an excellent eBook containing an overview of its Seminar entitled: ‘Data Protection at a crossroads: re-inventing wheels or chasing windmills?‘ held on the 1st of April in Malta.
The regulation aims at bringing current data protection legislation in line with recent technological and social developments. As summarised by M Law Group, “The proposed new EU data protection regime extends the scope of the EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 2% of worldwide turnover.”
Through the proposed Regulation:
1. The EU will have one continent-wide law which is valid across the EU. According to European Commission estimates this will save businesses around €2.3 billion a year in extra administrative costs.
2. The Regulations do away with the ex-ante notification system which requires all companies processing personal data to notify data protection authorities, while imposing more responsibility and obligations on data processors. According to the EuropeanCommission this will save business around €130 million a year.
3. New obligations imposed on dataprocessors include the obligation to inform authorities of any serious data breaches as soon as possible (and within 24 hours if possible).
4. The Regulations also set up a’one-stop shop’ system, which will see organisations deal with a singlenational data protection authority in the EU country where they have their main establishment. At the same time, data subjects will also be able to refer tothe data protection authority present in their country, even if their data is being processed by a company based out of the European Union.
5. The Regulations also include the ‘right to be forgotten’ which will help data subjects manage their personal data online, giving them the right to ask for the deletion of their data if there are no legitimate grounds for retaining it.
6. The Regulations make it easier for data subjects to transfer their personal data from one service to another based on the notion of data portability.
7. Data Protection rules related to data protection and police or judicial matters will not be regulated in theregulations but will be dealt with in a new Directive.
View the eBook here.