The new Regulation (EU) 2016/679 on personal data protection was published in the Official Journal of the European Union. The Regulation replaces Directive 95/46/EC and reforms data protection rules in the European Union, introducing several key changes that are directly applicable in all Member States from 25 May 2018; this is, in itself, a significant novelty. The Commissioner for Personal Data Protection of the Republic of Cyprus has therefore issued a significant clarification on the implementation of the new Regulation. It is critical to state that all consents received on the basis of existing legislation remain valid under the new Regulation, and therefore no renewed consent is required. Should the mailing list have mistakenly included people from whom consent had not been obtained, or people who had asked not to receive messages, the sending of this message might be an offense. The European Commission has published guidance to facilitate the smooth application of the General Data Protection Regulation (GDPR), the new EU-wide data protection instrument.
The following is a brief summary of some of the most significant changes:
- The new Regulation also applies to data controllers established outside the Union when the data processing concerns data subjects established in the Union and is aimed at offering them goods and/or services or at monitoring their behaviour.
- The requirements to obtain valid consent become stricter.
- Right to be forgotten
- Principles of data protection “by design” and “by default” are introduced.
- Data controllers shall carry out a “data protection impact assessment” when the data processing at issue is likely to result in a high risk to subjects’ rights and freedoms and they shall maintain records of processing activities under their responsibility.
- As soon as they become aware that a personal data breach has occurred, data controllers shall notify the national supervisory authority and/or data subjects of the data breach at issue.
- Penalties become significantly stricter: infringements of the Regulation’s provisions are subject to administrative fines of up to € 20.000.000 or, in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year.
Mykonos Lawyers Firm
Legal advice on Regulation EU 2016/679 (GDPR) concerning personal data protection in Mykonos and Greece.