After four years trying to reform the 1995 Directive, the European Parliament has approved the new Regulation (EU) of data protection 2016/679, although its application will not be made up within two years, in 2018.
It is an extensive regulation, whose implementation period of two years gives us an idea of its difficulty as a result of new obligations for companies and the Administration, of the existence of vague legal concepts of remission in some cases the law of the Member States and of the possibility that is granted to them to be able to continue regulating more specific norms to ensure the protection of data processing standards.
The difficulty is also reflected in the change of methodology regarding the security measures that companies should apply. Once again, multinationals will not have much trouble as a result of the resources they have for their identification and evaluation, but not the small and medium enterprises. Until are implemented and consolidated external advice will be essential.
The reform aims to restore to citizen the control of their personal data and to ensure in the EU a wide high protection standards adapted to the digital environment, as with Directive 1995 Internet use was not so widespread. It also includes new minimum standards for the use of data by law enforcement purposes.
The aim of the new regulation is to give citizens more control over their private information in a world of smart phones, social networking, internet banking and global transfers.
Regarding the scope and extent of action, it extends not only to the protection of personal data but the movement thereof being must apply whether the treatment takes place by an established company or not in the Union European. This will allow the citizens of the European Union, have legal certainty regarding the treatment and tranquility that companies outside the European Union make their data.
The new data protection rules include among others:
– The right to be forgotten by the correction or deletion of personal data.
– The need for clear and affirmative consent by the concerned person to the processing of personal data.
– The portability, or the right to transfer the data to another service provider.
– The right to be informed whether personal data have been infringed.
– Penalties of up to 4% of the global turnover of the companies in case of infringement.