Almost half of the preparation period available ahead of the application of the General Data Protection Regulation has already passed. Regulation (EC) No 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("Regulation" or "GDPR") entered into force on 25 May 2016. It provides 2 years from its entering into force for preparation for its application, i.e. the rules of the Regulation are applicable from 25 May 2018. The entry into force of the GDPR has opened a new era of data protection in Europe, as the directly applicable Regulation replaces the current regulatory framework, which is in the form of a directive.
As time progresses, more and more data controllers and processors recognize that they need to take urgent action to comply with the Regulation. The huge amount of the fine (which can amount to EUR 20 million or up to 4% of the total annual global market turnover for the previous financial year) in the Regulation is a very good tool for raising awareness. If not for any other reason, many businesses will surely review their data management practices and try to make steps to handle personal information in accordance with the Regulation in order to avoid potential fines.
In this blog, we try to help you find solutions to the new situation involving the emergence of GDPR, help you to prepare for the application of the Regulation and generally look into privacy issues.
Data protection, regardless of the entry into force of the Regulation, plays an increasingly important role in our everyday lives. Due to technological advances, more and more data is becoming available and there are many possibilities for how to use it. However, awareness of the stakeholders does not always keep up with the challenges posed by the emergence of new opportunities, so it is important for the people concerned to get the easiest and most accessible information on how to manage their personal information. I am confident that we will also provide useful information in this blog for data subjects.
Due to the fact that the Regulation is applied directly in each Member State after 25 May 2018, emphasis is placed on how the rules of the Regulation will be interpreted and applied in the various Member States of the European Union, how the practice of supervisory authorities is evolving and how well a uniform interpretation of the law on certain aspects of the Regulation develops. Thus, the new data protection regime will provide an important topic for data controllers, data processors, data subjects and all interested parties and stakeholders in the longer-term.