On the 25th of May 2018, the data protection regulation is going to change in Europe, with the General Data Protection Regulation (GDPR) coming into effect.
Since its creation in September 2014, Wales Express made the clear choice to proactively implement this regulation and to conform with this new legal framework at the Global and European level.
The GDPR strengthens individuals’ rights and acknowledges the new capacities of data processing. The definitions below come from the GDPR:
- Transparency: “The principle of transparency requires that any information addressed to the public or to the data subject be concise, easily accessible and easy to understand, and that clear and plain language and, where appropriate, visualisation be used”.
- Consent: “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.”
- Rights of individuals:
- Right of access by the data subject: “The data subject shall have the right to obtain from the controller a confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data.”
- Right to be forgotten in the online environment: “A data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject.”
- Right to restriction of processing: “The data subject shall have the right to obtain from the controller restriction of processing” under certain circumstances.”
- Right to data portability: “The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.”
- Responsibility: GDPR also aims at promoting accountability from the companies, which must be able, at any time, to demonstrate the conformity of its data processing with the GDPR principles.
The new law is a replacement for the 1995 Data Protection Directive, which has until now set the minimum standards for processing data in the EU.
GDPR will significantly strengthen a number of rights: individuals will find themselves with more power to demand companies reveal or delete the personal data they hold; regulators will be able to work in concert across the EU for the first time, rather than having to launch separate actions in each jurisdiction; and their enforcement actions will have real teeth, with the maximum fine now reaching the higher of €20m (£17.5m) or 4% of the company’s global turnover.