In just under one hundred days' time, the new general regulation on personal data protection (GDPR) will enter into force. During the presentation on Wednesday 24 January of the new practical online tools that seek to facilitate application of the GDPR, the European Commissioner for Justice, Věra Jourová, indicated that at this stage, only Germany and Austria had taken the measures necessary to comply with the new rules.
She explained that “preparations were advancing at different speeds in the member states” and called on the other member states to speed up the adoption of the national legislation and ensure that these measures comply with the regulation.
Although the new regulation includes a single set of rules directly applicable in all the member states, it does require European governments to modify their existing laws on certain aspects. In Spain, for example, a draft law was submitted to Parliament last November and in France, in January. In Denmark, the legislative process is expected to come to an end in March 2018 at the latest. Delays have also been identified in Italy.
It should be recalled that the reform presented in 2012 and adopted in 2016 (see EUROPE 11732) modernises the 23-year-old rules. From 25 May 2018, the date of the entry into force, citizens will be able to benefit from rights such as the right to have their personal data removed and the requirement of their explicit consent for the use of important data relating to them. The data protection authorities will also have the power to impose fines that could be as much as €20 million.
New practical online tools
In an effort to help companies (particularly SMEs), public authorities and citizens comply with and benefit from the new rules, the Commission has launched a website that provides practical guidelines in all EU languages and which will be regularly updated. These documents look at the practical benefits and opportunities provided by the regulation, as well as the progress achieved in the preparatory work up until now and what the next steps will be.
The Commission also announced that it would allocate €1.7 million to fund data protection authorities, as well as for professional data protection training. It would also provide an additional envelope of €2 million for the national authorities to help them raise awareness among companies.
Personal data protection at the European institutions?
One proposal relating to personal data protection that has gone relatively unnoticed is currently the subject of trialogue negotiations (see EUROPE 11941): the draft regulation on personal data processing by the EU institutions and bodies. The text was proposed a year ago in an effort to adapt the existing rules to the stricter ones established by the GDPR, and it is also supposed to enter into force on 25 May next.
The European personal data protection supervisor, Giovanni Buttarelli, warned against any delays due to the negotiations and pointed out in a note dated 22 January that this legislation “is a statement of the EU’s commitment to subject itself to the same rules that will apply to others under the GDPR. There can be no special treatment for the ‘EU bubble’.”
In this regard, he urged Parliament, Council and Commission to reach a compromise as soon as possible. (Original version in French by Marion Fontana)