As of tomorrow, 25 May, new data protection rules will apply across the EU.
Andrus Ansip, Vice-President for the Digital Single Market, said: "Europe's new data protection rules will be a reality tomorrow. Europeans' privacy will be better protected and companies benefit from a single set of rules across the EU. Strong data protection rules are the basis for a functioning Digital Single Market and for the online economy to prosper. The new rules ensure that citizens can trust in how their data is used and that the EU can make the best of the opportunities of the data economy.
Our new data protection rules were agreed for a reason: Two thirds of Europeans are concerned about the way their data was being handled, feeling they have no control over information they give online. Companies need clarity to be able to safely extend operations across the EU. Recent data scandals confirmed that with stricter and clearer data protection rules we are doing the right thing in Europe.”
Vĕra Jourová, Commissioner for Justice, Consumers and Gender Equality, added:
“Personal data is the gold of the 21st century. And we leave our data basically at every step we take, especially in the digital world. When it comes to personal data today, people are naked in an aquarium.
Data protection is a fundamental right in the EU. The new rules will put the Europeans back in control of their data. Now we have a choice and can decide what happens and who has what sort of data. You can ask and companies have to tell you. You can also recover your data if you leave or change service.
Companies will also benefit from the new rules, because they will be the same everywhere and the companies will only have one authority to deal with. This makes it easier to expand a business activity to another Member State.
The rules are based on a risk-based approach. Companies that have been making money from our data, have more responsibilities. They should also give something back to the consumers; at least the security of their data. Companies, which do not process data as their core business activity, have less obligations and mainly have to make sure that the data they process are secure and used legally. They will also be rules with teeth. Everyone, especially those companies that monetise our personal data, will have an interest to play by the rules.
With the General Data Protection Regulation Europe asserts its digital sovereignty and gets ready for the digital age. Beyond that, the new rules are beginning to set a global standard for privacy. They will help to bring back the trust we need to be successful in a global digital economy."
On 6 April 2016, the EU agreed to a major reform of its data protection framework, by adopting the data protection reform package, comprising the General Data Protection Regulation (GDPR) replacing the twenty years old Directive. On 25 May 2018, the new EU-wide data protection rules are becoming applicable, two years after its adoption and entry into force.
On Data Protection Day this year, the Commission published guidance to facilitate a direct and smooth application of the new data protection rules across the EU as of 25 May. The Commission also launched a new online tool dedicated to SMEs (see press release).
The Commission will continue to actively support Member States, Data Protection Authorities and businesses to ensure the rules are applied effectively. The Commission has allocated EUR 1.7 million to co-finance the training of data protection professionals. A further EUR 2 million has been allocated to support national data protection authorities in reaching out to businesses, in particular SMEs, and individuals.
As of today, the Commission will monitor how Member States apply the new rules and take appropriate action as necessary. One year after the Regulation enters into application (2019) the Commission will organise an event to take stock of different stakeholders' experiences of implementing the Regulation. This will also feed into the report the Commission is required to produce by May 2020 on the evaluation and review of the Regulation.
For more information
A new updated handbook from the EU Agency for Fundamental Rights (FRA), Council of Europe and European Court of Human Rights is also published today raising awareness and knowledge of the new data protection rules in the EU and Council of Europe Member States and how they are being applied in practice.