The EU’s General Data Protection Regulation takes effect
The EUs General Data Protection Regulation, GDPR, has taken effect. It imposes tougher regulations regarding the management of personal data
Corina Cristea, 25.05.2018, 13:53
Drafted by the European Commission two years ago, the General Data Protection Regulation (GDPR) took effect on May 25, creating a legislative framework that should be applied in a unitary manner. The need for such regulation emerged in the context of the existence of 28 national legislations in the field, and of the fact that the former data protection law was outdated, namely older than 20 years. All the companies operating within the EU will have to abide by the same set of norms from now on, no matter where their headquarters are located.
Given that these norms are stricter, people will enjoy more control over their own personal data. Also, companies will benefit from equal conditions in terms of competition. The new Regulation focuses on transparency and on rendering data operators responsible for the way in which they process personal data. It sets a number of special guarantees meant to more efficiently protect the private life of minors, especially in the online environment, consolidates the guaranteed rights of targeted persons, and introduces new rights for individuals.
The head of the legal and communication department with the National Supervisory Authority for Personal Data Processing, Alina Săvoiu, explains: “The regulation is meant to protect individuals, their rights and private lives, and at the same time, it lays greater emphasis on the obligations of both public and private data operators. They are responsible for the security and confidentiality of the data which they hold, and have to ensure the rights of people starting from the right to information, the right to opposition, the right to intervention and other new rights such as the right to data portability or the right to erasure or to be forgotten on the Internet.”
Another provision in the regulation refers to designating somebody responsible for the data protection at the level of the data operator. In terms of sanctions, the companies that will infringe the new General Data Protection Regulation will pay fines of 2% of their annual global turnover for violations of data protection rules, but no less than 10 million Euros, or of 4% of the annual global turnover for violations of the basic principles regarding data processing, but no less than 20 million Euros.(Edited by D. Vijeu)
