{{User sandbox}}
<!-- EDIT BELOW THIS LINE -->
The European Commission plans to unify data protection within the European Union (EU) with a single law, the General Data Protection Regulation (GDPR). The current [[Data Protection Directive|EU Data Protection Directive 95/46/EC]] does not sufficiently address important aspects such as globalization and technological developments like social networks and cloud computing, so new guidelines for data protection and privacy were required. Therefore, a proposal for the regulation was released on 25 January 2012. Adoption is aimed for in 2014, and the regulation is planned to take effect in 2016 after a transition period of 2 years. Discussions regarding specific contents are still ongoing.
Valid consent must be explicit, both for the data collected and for the purposes for which the data is used (Article 7; defined in Article 4). Consent for children under 13 must be given by the child's parent or custodian and should be verifiable (Article 8). Data controllers must be able to prove "consent" (opt-in), and consent may be withdrawn.<ref>[https://www.privacyassociation.org/media/presentations/A12_EU_DP_Regulation_PPT.pdf "How the Proposed EU Data Protection Regulation Is Creating a Ripple Effect Worldwide"]. Judy Schmitt, Florian Stahl. 11 October 2012. Retrieved 03 January 2013.</ref>
=== Data breaches ===
The data controller has to notify the DPA without undue delay and, where feasible, not later than 24 hours after having become aware of the data breach (Article 31). Individuals have to be notified if adverse impact is determined (Article 32).
=== Fines ===
The following fines ''shall'' be imposed:
* Up to €250K or up to 0.5% of annual global sales for intentionally or negligently not responding to requests by the data subject or the DPA;
* Up to €500K or up to 1% of annual global sales for intentionally or negligently not complying with the GDPR;
* Up to €1,000K or up to 2% of annual global sales for intentionally or negligently not complying with specific GDPR regulations.
=== Right to be Forgotten ===
Personal data has to be deleted when the individual withdraws consent or the data is no longer necessary, and there is no legitimate reason for an organization to keep it (Article 17).
=== Data Portability ===
A user shall be able to request a copy of personal data being processed in a format usable by this person and be able to transmit it electronically to another processing system (Article 18).
== Timeline ==
The preliminary schedule is<ref>[http://www.janalbrecht.eu/uploads/pics/data_protection_English.pdf General Data Protection Regulation in 10 Points]. Jan Philipp Albrecht. 20 December 2012. Retrieved 03 January 2013.</ref>