The new Data Protection Regulation and Directive published

With the booming of online commerce, entering your personal information and sending it to the cloud has become inevitable. Along grew the concern of both citizens and businesses. The lack of control over given data worried many and the fragmentation of laws and complicated national systems of obtaining protection did not help. Therefore, it is no wonder that 90% of the surveyed EU citizens opted for an improved and unified EU data protection legislation.

On 4 April 2016 the European Parliament adopted the new Data Protection Regulation and Directive. The Directive entered into force on 5 May 2016, with a three-year transposition deadline, and the Regulation will enter into force on 24 May 2016, with the application date set for 25 May 2018.

The new legislation applies to organizations, based both in the EU and outside of it, when collecting EU citizens´ data.

Under the coordination of the European Data Protection Board (EDPB), each country will have to form a Supervisory Authority, a body responsible for sanctioning illegally collected data. Also, the new legislation predicts help in data controlling by a Data Protection Officer, a person with expert knowledge of data protection law, monitoring internal compliance with the Regulation. Under his scope of obligations is notifying the SA on established breaches.

The former “right to erasure” will now be replaced by a less lenient “right to be forgotten”. It is predicted that the number of deleted entries will from now on be on a rise, as more power is given to the individuals and not the controller.

Some dissatisfaction has been expressed concerning the new legislation. As most of it is pointed to forming the new bodies and difficulties reaching the high demands for protection the data, it is to be expected that private persons are to feel the benefits of the Regulation and the Directive.