Whenever you open a bank account, join a social networking website or book a flight online, you hand over vital personal information such as your name, address, and credit card number.
What happens to this data? Could it fall into the wrong hands? What rights do you have regarding your personal information?
Everyone has the right to the protection of personal data.
Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose. Furthermore, persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners which are guaranteed by EU law.
Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries would disrupt international exchanges. Individuals might also be unwilling to transfer personal data abroad if they were uncertain about the level of protection in other countries.
Therefore, common EU rules have been established to ensure that your personal data enjoys a high standard of protection everywhere in the EU. You have the right to complain and obtain redress if your data is misused anywhere within the EU.
The EU’s Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection of your data when it is exported abroad.
GDPR TIMELINE:
Previous Legislation
- 1995 – October 24th, Data Protection Directive 95/46/EC created to regulate the processing of personal data
Legislative Proposals
- 2012 – January 25th, initial proposal for updated data protection regulation by the European Commission
- 2014 – March 12th, the European Parliament approved its own version of the regulation in its first reading
- 2015 – June 15th, the Council of the European Union approved its version in its first reading, known as the general approach, allowing the regulation to pass into the final stage of legislation known as the “Trilogue”
Trilogue Timeline
- 2015 – June 24th, meeting covering:
- Package approach: Objective of Luxembourg Presidency for the proposed directive
- Agreement on the overall roadmap for Trilogue negotiations
- General method and approach for delegated and implementing acts
- 2015 – July 14th, meeting covering:
- Territorial scope (Article 3), Representative (Article 25)
- International transfers (Chapter V), related definitions
- 2015 – September 16-17th, meeting covering:
- Data protection principles (Chapter II)
- Data subject rights (Chapter III)
- Controller and Processor (Chapter IV)
- 2015 – September 29-30th, meeting covering:
- Data protection principles (Chapter II)
- Data subjects rights (Chapter III)
- Controller and Processor (Chapter IV)
- 2015 – October 15th, Trilogue covering:
- Independent Supervisory Authorities (Chapter VI)
- Cooperation and consistency (Chapter VII)
- Remedies, liability and sanctions (Chapter VIII)
- 2015 – October 28th, meeting covering:
- Independent Supervisory Authorities (Chapter VI)
- Cooperation and consistency (Chapter VII)
- Remedies, liability and sanctions (Chapter VIII)
- 2015 – November 11-12th, meeting covering:
- Objectives and material scope (Chapter I)
- Specific regimes (Chapter IX)
- 2015 – November 24th, meeting covering:
- All open issues from Chapter I to IX
- 2015 – December 10th, meeting covering:
- Delegated and Implementing Acts (Chapter X)
- Final provisions (Chapter XI)
- Remaining issues
- 2015 – December 15th, meeting covering:
- Delegated and Implementing Acts (Chapter X)
- Final provisions (Chapter XI)
- Remaining issues
Approval & Adoption
- 2015 – December 15th, the Parliament and Council have come to an agreement, and the text will be final as of the Official signing to take place in early January of 2016.
- 2016 – January
- April 8th – Adopted by the Council of the European Union
- April 16th – Adoption by the European Parliament
- May – Regulation will enter into force 20 days after it is published in the EU Official Journal
Enforcement
- 2018 – May – Following a 2 year post-adoption grace period, the GDPR will become fully enforceable throughout the European Union.
(The source is the European Commission/Justice/Data Protection and eugdrp.org)
Jiri Klega, Attorney at Law
email: klega.j@advokatova.cz