Data protection basic regulation
EU Regulation for the protection of natural persons in the processing of personal data, for free data traffic
The EU Regulation no. 2016/679 for the protection of natural persons in the processing of personal data, for free data traffic and rescission of the directive 95/46/EC (Data protection basic regulation) entered into force on 25 May 2016 and is to be applied after a 24-month period on 25 May 2018. It now standardises the regulations for the processing of personal data by private companies and public organisations throughout the EU. The Data protection basic regulation applies directly in all EU Member States without an act of implementation. However, accompanying national legislative measures are permissible and necessary in places.
The fundamental cornerstones are:
- Strengthening of the rights of those affected (greater transparency; establishment of the right to be forgotten; consent applies only if voluntary, active and clear)
- New focus on data security (obligating appropriate security precautions, data misuse and breaches of security must be reported to the supervisory authorities)
- Appointment of data protection officers in the public sector
- Increased penalty framework: Penalties of up to EUR 20 million or 4% of the consolidated turnover are possible