Call us now:
The General Data Protection Regulation has been agreed at the EU Parliament. New EU data protection rules, which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs yesterday. The reform also sets minimum standards on use of data for policing and judicial purposes. Parliament’s vote ends more than four years of work on a complete overhaul of EU data protection rules. The reform will replace the current data protection directive, dating back to 1995 when the internet was still in its infancy, with a general regulation designed to give citizens more control over their own private information in a digitised world of smartphones, social media, internet banking and global transfers. The new rules include provisions on:
- a right to be forgotten,
- “clear and affirmative consent” to the processing of private data by the person concerned,
- a right to transfer your data to another service provider,
- the right to know when your data has been hacked,
- ensuring that privacy policies are explained in clear and understandable language, and
- stronger enforcement and fines up to 4% of firms’ total worldwide annual turnover, as a deterrent to breaking the rules.
Under the GDPR, fines for date breaches could be as high as €20m or 4% of global turnover, with businesses being required to report a serious breach within 72 hours of it occurring.
The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date.