After four years of very difficult negotiations on personal data protection, Regulation EU 2016/679 was finally published in the Official Journal of the EU on May 4, 2016. The regulation is all about the protection of personal data, and it will replace the previous Directive 95/46/EC. It introduces many reforms that will totally change the rules of data protection in the EU, and it sets out many changes that will be applicable to Member States from 25th May 2018. In this article, we present a summary of Regulation EU 2016/679. Let's take a look.
The Scope of the Application of Regulation EU 2016/679
This regulation broadens the scope of its application, and the legislation related to European data protection is defined more clearly. It now applies to all data controllers, not only inside the EU but also outside it. The reason is that many organizations and firms use this data outside the EU while delivering goods and services to individuals residing inside the EU. Internet service providers located outside the EU will be affected by this regulation. The requirement to obtain lawful permission is now a strict procedure. To be valid, permission must be given through a very clear and affirmative act. Pre-ticked boxes, silence, and inactivity do not count as permission. Data subjects can also withdraw their permission to process data without any restriction.
The Transport of Data
A right will be provided to data controllers to delete the processed or stored data. The controller also has the right to transport data without harming it, while ensuring that there is no data breach. Two new principles are introduced in this regulation: "By Default" and "By Design". The data controller is fully responsible for protecting data during collection and processing. The data should be used only for the purpose for which it was collected, and only in accordance with the permission granted.
Data Protection Impact Assignment
All data controllers are now bound to carry out an assignment known as a "Data Protection Impact Assignment". Processing personal data carries a number of risks, so it is the controller's responsibility to keep a record of all the processing being carried out on personal data.
If controllers notice any type of personal data breach, it is their duty and responsibility to immediately inform the national supervisory authority.
Data Protection Officers
The best thing in this regulation is that the role of data protection officer has been introduced. It applies to both public and private entities that process special categories of personal data, which can be sensitive or biometric data related to individuals. A data protection officer is defined as a person who has expertise in data protection practices and laws. These officers can be outside consultants or employees of the data controller. Their duty is to inform the data controller of all the obligations related to this regulation, and they have to fully monitor the application of Regulation EU 2016/679. All processors and controllers can obtain a certificate from certification bodies and authorities.