Compliance Actualia

New European Privacy Regulation (Jan 2012)

Thomas de Weerd, 26 October 2012 17:02

On 25 January 2012, the European Commission released the long-awaited draft Regulation that will replace the Privacy Directive 95/46/EC. It is expected that it will take another two years before the Regulation enters into force. Once in force, there will be a transitional period of two years before the rules actually apply.

The draft Regulation contains ambitious rules for the protection of the privacy of data subjects, to be complied with by controllers and by processors. Some of the main points from the draft Regulation are:

• There will be a single set of rules for the entire EU. Instead of the present Directive, which has led to different implementations in 27 Member States, the new rules are contained in a regulation which has direct applicability in all Member States.
• A right to be forgotten is introduced. A person whose data have been processed may in certain cases require a controller to erase the data and abstain from further dissemination of such data. This right should be balanced with, inter alia, the right to freedom of expression (article 17).
• All personal data breaches have to be notified. The controller must notify the breach to the supervisory authority and to the persons whose privacy is likely to be adversely affected. Processors should immediately alert controllers if they establish a breach (articles 31 and 32).
• A duty to designate a DPO is introduced. Controllers and processors must designate a data protection officer if they employ 250 persons or more, or if their core activities consist of processing operations which require regular and systematic monitoring of data subjects (article 35).
• Binding corporate rules have to be approved by one national supervisory authority only. Controllers or processors with approved BCR may transfer personal data outside the EEA (articles 42 and 43).
• Heavy fines for violations are introduced. A scale of fines for violations of the Regulation is introduced which enables a supervisory authority to impose fines of up to EUR 1,000,000 or 2% of an enterprise’s annual worldwide turnover (article 79).

The new Regulation contains material changes to the current privacy rules in the Netherlands and the EU.