The New EU Data Protection Framework – BDO Abogados

In January the European Commission presented a reform of the EU Data Protection Directive. The main focus is to guarantee privacy rights in the digital economy and to remove the current fragmentation and costly administrative burdens due to the existence of 27 different national laws.
The Directive will include new principles related to data protection processing: accountability, the right to be forgotten and “privacy by design”. National Authorities will also be empowered to fine companies that violate data protection rules up to €1m or up to two percent of their global annual turnover.
The main changes include: creating an independent European Data Agency; a requirement for public sector bodies and large enterprises to designate a Data Protection Officer; and a requirement for organisations to notify the national supervisory authority of serious data breaches within 24 hours.

 

The New EU Data Protection Framework 

Last January 25th, the European Commission presented a reform of the EU Data Protection Directive.

The main focus is to guarantee privacy rights in the digital economy and to remove the current fragmentation and costly administrative burdens due to the existence of 27 different national laws. In addition, the Directive will include new principles related to data protection processing: accountability, the right to be forgotten and “privacy by design”.

National Authorities will be empowered to fine companies that violate EU data protection rules up to €1 million or up to 2% of the global annual turnover of a company.

The main changes in the reform include: establishing an independent European Data Agency to replace the Art. 29 Working Party; requiring public sector bodies and large enterprises to designate a Data Protection Officer to assess compliance with data protection regulation; requiring organizations to notify the national supervisory authority of serious data breaches within 24 hours; and requiring companies to foster the use of privacy-enhancing technologies, privacy-friendly default settings and privacy certification schemes in their systems.

Finally, data controllers in the EU will only have to deal with the Data Protection Agency (DPA) of the Member State where the company’s main establishment is located.

Jesús Herranz is an IT and Data Protection lawyer at BDO Abogados in Madrid. He can be reached via jesus.herranz@bdo.es

Garcia-Sicilia
