EU Data Protection: New Rights and Obligations

At the end of May 2018, the new European Data Protection law will be fully effective. Consumers can look forward to more rights. Since 1990s, a lot has changed and these rules across Europe is about to see their biggest change.
But companies are facing to impliment significant changes whch they need to react. Not only the big corporations, but also small companies and even blogger, private website operators need to be used with basics of the changes. This article on EU Data Protection is about how the regulation came about and what intentions and principles of thought are behind it.

 

EU Data Protection Law

 

General Data Protection Regulation (GDPR) which will come into force on May 25 2018 which will change how businesses and public sector organisations can handle the information of their customers. The GDPR is Europe’s new framework for data protection laws. The DSGVO is to establish a level of data protection that is equally high throughout Europe, a so-called “level playing field” for companies. The objective was to eliminate existing distortions of EU internal competition because of different national data protection. After more than four years of tough fighting, the so-called EU Data Protection Regulation (DSGVO) came into force on 24.05.2016. Deadline is now 25th May after end of the two-year transitional period. Regulations will apply directly in each Member State.

There will be new rights for people to access the information companies hold about them and obligations for better data management for businesses. UK is implementing a new Data Protection Bill which largely includes all the provisions of the GDPR. Individuals, organisations, and companies which are either controllers or processors of personal data will be covered. There are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation :

There is also an interactive informative site :

Local Data Protection Authority will monitors compliance while their work will be coordinated at EU-level. The cost of falling foul of the rules can be high. Companies with fewer than 250 employees don’t need to keep records of their processing activities unless processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records. SMEs will only have to appoint a Data Protection Officer if processing is their main business and it poses specific threats to the individuals’ rights and freedoms.