The Stack Archive

Landmark EU data protection reform approved

Thu 14 Apr 2016

EU flags

The European Union has adopted new data protection legislation today which is set to increase European citizens’ control over their personal information stored online, including granting people the right to be forgotten.

The EU’s General Data Protection Regulation (GDPR) was passed earlier today, following more than four years of heated discussions and negotiations. Replacing a previous EU data protection law from 1995, the new legislation aims to protect consumers and standardise data protection practice for businesses operating in the digital space. The measures intend to provide citizens with more control over their own data, but means that some companies could come up against hefty fines for not complying.

Businesses will incur much more expensive fines for making data protection errors, up to 4% of their global revenue for the previous year, or €20 million (approx. £16 million) depending on which sum is greater.

European companies will also have to set up a dedicated data protection position if they are handling large amounts of sensitive data, or are conducting analytics on consumer behaviour. The new laws stipulate that businesses keep auditable records of personal data in their possession and alert authorities to a breach within 72 hours.

For consumers the new legislation offers new rights to be forgotten, to be notified, and to data portability – making it easier for users to switch their personal data between different online service providers.

The Greens MEP Jan Philipp Albrecht, who helped see the directive through the legislative process, noted: ‘The new rules will give users back the right to decide on their own private data. Businesses that have accessed users’ data for a specific purpose would generally not be allowed to transfer the data without the user being asked. Users will have to give clear consent for their data to be used.’

The GDPR will come into force 20 days after its publication in the EU Official Journal, and will become directly applicable in all EU member states from April 2018.


data EU legal news privacy
Send us a correction about this article Send us a news tip