As of today, 25 May 2018, in the European Union, commences the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
On 6 April 2016 the EU agreed on the implementation of a major reform in the data protection sphere by introducing a data protection package reform, including the General Data Protection Regulation, which repeals the 20 years old Directive 95/46/EC (Data Protection Regulation) and Directive (EU) 2016/680.
From 25 May 2018, the General Data Protection Regulation starts to apply directly, two years after its adoption and coming into force. By ensuring a number of rules, directly applicable to the EU member states, it will guarantee the free movement of personal data between those states and will strengthen the trust and safety of consumers, two vital elements for the creation of a true single digital market. In this way, the Regulation will open new possibilities for businesses and enterprises, and especially for the smaller ones.
During the last two years all stakeholders, from national administrations and data protection authorities, to controllers and processors, participated in a number of activities, so as to guarantee that the importance and the scale of the changes, introduced by the new data protection framework, are well-understood and all participants are ready for its application.
The new regulation provides for a single set of rules that will directly apply in all member states. Simultaneously, the member states have to implement legislative measures in accordance with Regulation (EU) 2016/679 at national level.
The new legal framework is an opportunity for the EU to become a global leader in this sphere. In the context of a fast-growing digital network, the European Union, its citizens and enterprises, should have everything they need to reap the benefits and to understand the potential consequences of the data-based economy. Undertakings, especially smaller ones, will be able to benefit from the favorable for innovation single set of rules, to harness it as a competitive advantage and to bring their own personal data cases in order to gain consumers’ trust. Citizens will be able to make use of the better protection of their personal data and to gain better control over the way undertakings handle it.
The successful application of the regulation requires cooperation between all participants in the sphere of personal data protection. The benefits and opportunities which are offered by the new rules are not known everywhere to the same extent. There is a need to raise awareness and to aid the efforts that small and medium enterprises put in order to meet the requirements.
From May 2018 and onwards, the European Commission will track how member states apply the new rules and will take the appropriate actions. One year after the coming into force of the Regulation (ie. during 2019), the European Commission will summarize the experience gained in implementing the regulation. The findings will be included in an evaluation and review report, which the Commission has to present by May 2020.