Stricter data protection regulation

As of 2018 a new, standard data management regulation enters into force in the European Union, because this spring the European Parliament (EP) voted in favour of the General Data Protection Regulation (GDPR). One of the regulation’s objectives is to give internet users more control of their personal data. The GDPR also intends to unify data protection in the EU at a high level that falls in line with the requirements of the digital era. All member states need to adopt the new rules, which also address the export of personal data outside the EU by companies.

GDPR rapporteur Jan Philipp Albrecht told after the vote that the parliament’s approval was a big win for consumer rights, market competition and the EP alike. The new, standard regulation creates a clear situation for the business sector too, as the new rules create legal safety, fairer competition and an atmosphere of trust. Some of the most important parts of the new regulation are the right to erasure/right to be forgotten, consent, data portability and data breach notification.

The GDPR can contribute to the vitalisation of the EU’s digital single market by increasing the trust of users in online services and the legal safety of enterprises. In the past the directive that regulated this field only made recommendations to member states, therefore businesses had to cope with the fact that there were as many regulations as countries. Now the GDPR simplifies the situation, regulating in detail what data managers and the data processing service providers that work for them need to do.

One of the GDPR’s most important pillars is that the whole data management process must be transparent. Users must get information that they can find and understand easily. The consent of individuals is needed for handling their personal data. Every user has the right to modify their personal data or to have them deleted if they don’t wish to use the given service of a company any more. The European Commission cooperates with national data protection authorities to define the guidelines that must be followed when putting the GDPR into practice at member state level. In Hungary this implementation task will be done by the National Authority for Data Protection and Freedom of Information (NAIH).

As we have already mentioned it, the GDPR also regulates the activities of companies from non-EU member states in the market of the European Union. However, the regulation isn’t global, therefore further agreements need to be signed with companies and countries. One of the most important such data protection agreements is the EU-USA Privacy Shield. We can expect similar agreements to be signed with other non-EU countries in the future. What is more, it is also probable that there will be changes in the EU-level regulation, based on how individual member states can implement the directive.