m Bot: Adding Uncategorized tag
Andrewman327 (talk | contribs)
Line 1:
{{Orphan|date=January 2013}}
{{Uncategorized|date=January 2013}}
The [[European Commission]] plans to unify data protection within the [[European Union]] (EU) with a single law, the '''General Data Protection Regulation (GDPR)'''. The current [[Data Protection Directive|EU Data Protection Directive 95/46/EC]] does not sufficiently address important developments such as globalization and new technologies like social networks and cloud computing, so new rules for data protection and privacy were required. A proposal for the regulation was therefore released on 25 January 2012. Adoption is aimed for in 2014, and the regulation is planned to take effect in 2016 after a transition period of two years. Discussions regarding specific contents are still ongoing.
Line 6 ⟶ 8:
== Content ==
The proposal for the European Data Protection Regulation contains the following key changes:
=== Scope ===
The regulation applies if the data controller or processor (organization) or the data subject (person) is based in the EU. Furthermore (and unlike the current Directive) the Regulation '''also applies to organizations based outside the European Union if they process personal data of EU residents'''. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address." <ref>[http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en European Commission’s press release announcing the proposed comprehensive reform of data protection rules]. 25 January 2012. Retrieved 03 January 2013.</ref>
=== Single Set of Rules ===
One single set of rules applies to all EU member states, and there will be one '''Single Data Protection Authority (DPA)''' responsible for each company, depending on where the company is based or which DPA it chooses. A European Data Protection Board will coordinate the DPAs.
Line 18 ⟶ 22:
privacy settings are set at a high level by default.
'''Data Protection Impact Assessments''' (Article 33) have to be conducted when specific risks to the rights and freedoms of data subjects occur. Risk assessment and mitigation are required, and prior approval of the DPA is needed for high risks. '''Data Protection Officers''' (Articles 35-37) are to ensure compliance within organizations. They have to be appointed for all public authorities and for enterprises with more than 250 employees.
=== Consent ===
Valid consent must be explicit for the data collected and the purposes for which the data is used (Article 7; defined in Article 4). Consent for children under 13 must be given by the child's parent or custodian, and should be verifiable (Article 8). Data controllers must be able to prove "consent" (opt-in), and consent may be withdrawn.
=== Data breaches ===
The data controller has to notify the DPA without undue delay and, where feasible, not later than 24 hours after having become aware of the data breach (Article 31). Individuals have to be notified if adverse impact is determined (Article 32).
=== Fines ===
The following fines can be imposed:
Line 27 ⟶ 34:
* Up to €500K or up to 1% of annual global sales for intentionally or negligently not complying with GDPR
* Up to €1,000K or up to 2% of annual global sales for intentionally or negligently not complying with specific GDPR regulations
=== Right to be Forgotten ===
Personal data has to be deleted when the individual withdraws consent or the data is no longer necessary and there is no legitimate reason for an organization to keep it (Article 17).
=== Data Portability ===
A user shall be able to request a copy of personal data being processed in a format usable by this person and be able to transmit it electronically to another processing system (Article 18).
== Timeline ==
The preliminary schedule is:<ref>[http://www.janalbrecht.eu/uploads/pics/data_protection_English.pdf General Data Protection Regulation in 10 Points]. Jan Philipp Albrecht. 20 December 2012. Retrieved 03 January 2013.</ref>
* End of April 2013: Orientation vote in LIBE Committee
* From May 2013 on (depending on progress in the Council of Ministers): negotiations between the European Parliament, Council and Commission (trilogue)
Line 67 ⟶ 77:
== External links ==
* [http://ec.europa.eu/justice/data-protection/index_en.htm EU Data Protection page]
* [http://www.computerweekly.com/opinion/Proposed-EU-Data-Protection-Regulation-what-should-companies-be-thinking-about How to prepare for proposed EU data protection regulation (Computerweekly)]