The European Parliament and the Council of Europe adopted on 27 April 2016 Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data. Its provisions will be applicable in all Member States of the European Union as of 25 May 2018.
The regulation introduces severe sanctions of up to 10-20 million euros or between 2% and 4% of global turnover for private sector operators.
To whom is it addressed?
- public authorities or public bodies, with the exception of courts acting in their judicial role;
- those who periodically and systematically process the data of individuals (contracts, offers, payment of employees), which applies to most companies;
- those who process special categories of data on a large scale (medical practices, clinics) or categories of personal data on criminal convictions and offenses.
The role of this regulation is:
- to inform and advise the operator as well as its employees about the existing obligations in the field of personal data protection;
- to monitor compliance with national data protection regulation and legislation;
- to advise the operator on data protection impact assessments and to verify their performance;
- to cooperate with the data protection authority and represent the point of contact in relation to it.
In order to implement the provisions of the Regulation, the legal entities concerned must designate a data protection officer. The Data Protection Officer may be internal (hired) or external (a subcontractor specialized in this type of service) and must have expertise and experience in the field of personal data protection.