New General Regulations for Data Protection
They will take effect in all EU member states on May 25.
Corina Cristea, 26.04.2018, 13:42
New General Regulations for Private Data Protection will take effect in all EU member states in less than a month, on May 25. The new norms, among the strictest in the world, are aimed at protecting the rights of natural persons to a larger extent, such as the right to be informed, to request portability or the removal of data. “The new regulations provide for an extension of the rights of the companies’ clients. For instance, in the case of the right to be informed, a larger number of pieces of information should be sent to the companies’ clients, in case of direct information as well as regarding the data obtained from private people and indirect information.
Apart from information such as the purpose, beneficiaries and rights, further information on the period during which the data is stocked, the legal basis for data processing and the right to forward complaints to the authority is also requested” Alina Săvoiu, the representative of the National Authority for the Surveillance of Private Data Processing has explained.
In keeping with the new regulations, some companies will have to designate a person responsible for data protection. It will be compulsory to create such a position in any company functioning in the public sector, with the exception of courts. As regards the private sector, this is necessary only if certain types of data processing activities are carried out, those involving risks, or the processing of sensitive data on a large scale, in case of high volumes of data or of large geographical area.
Lawyer Laurenţiu Petre has more: “In the case of public authorities or bodies, it is compulsory (to have such a position). Also, this is valid for those who operate periodical and systemic monitoring of persons on a large scale; the operator as well should nominate a data protection officer. This goes also for those processing special category data, for instance medical data and data regarding children. Not all operators should designate this data protection officer, but each case should be analysed, whether or not it makes the object of the new provisions.“
The regulations also provide for tougher sanctions for those violating data protection norms. Fees will reach up to 20 million Euros or 4% of a company’s turnover. Social networks and several communication apps have already started to harmonise their confidentiality policy with the new European norms.