Our series of articles on the EU GDPR comes to a close. The first post covered the overview, the data concerned, and the purpose and scope of application; the second part dealt with consent, personal data and the right reactions and measures for companies. This article rounds off the series and provides an outlook on the basics and the future of the EU GDPR.
The motivation behind the EU GDPR
The aim of the regulation is to ensure the right balance between the protection of personal data and the free movement of such data.
The Data Protection Regulation raises the protection of personal data to a high level that has never been seen before, at least not in Europe as a whole. The protection of the rights of the individual and of personal data and their processing forms the basis in Article 1: "Subject matter and objectives".
Paragraph 3 continues: "The free movement of personal data in the Union may not be restricted or prohibited on grounds relating to the protection of natural persons with regard to the processing of personal data."
The regulation is therefore intended both to serve data protection and to enable the simplification of processing.
National legislation and its options under the EU GDPR
Additional national legislation is not required, but is nevertheless possible. Some articles contain "opening clauses" or "specification clauses". These give countries the opportunity to define national interests.
The Federal Data Protection Act (BDSG) as last amended in 2009 has served as a blueprint for the revision of the EU directive. A large number of changes are now required by the European regulation.
The BDSG NEW of April 2017 unnecessarily repeated elements already laid down in the European regulation as paragraphs in the law and defined requirements beyond the extent permitted by the specification clauses.
Due to the unplanned national specification, the BDSG NEW will, after May 2018, be paralyzed in the way it is exercised by legal disputes and contradictions and, in my opinion, will have to be fundamentally reformed.
Nevertheless, companies that have complied with the previous legislation face a high need for adaptation.
Conclusion on the EU GDPR: balancing act or legal certainty in the EU regulation jungle?
The aim of the EU regulation is to strike a balance between the protection of personal data and the free movement of such data. The protection of personal data and the rights of the individual called for new regulations on a completely new scale and across Europe. The central challenge of the EU GDPR can be found verbatim in paragraph 3 of the same regulation:
"The free movement of personal data in the Union may not be restricted or prohibited on grounds relating to the protection of natural persons with regard to the processing of personal data."
With the EU GDPR, the Commission has brought data protection into the 21st century and set the course for future data processing in many conceivable ways. At the same time, however, extensive adjustments and measures will be necessary on the part of companies - even if they have always complied with previous legislation.
Over the next few months...
... we will accompany the transformation process to EU data protection. Data protection must be relaunched for all applications. New content must be provided for this, such as
- Privacy-friendly basic settings
- Information on the purpose of the data collected
- Notes on the Privacy Code of Conduct
- Clearer design for consents and refusals.
It also requires:
- A directory of procedures
- New contracts for order processing
- The provision of collected data for information purposes, for example with CSV files
- Enabling data portability.
This EU harmonization sets in motion a multitude of changes and extensive "changes" that affect a large number of processes and place high demands on documentation. The clock is ticking ...
(Cover picture: © Christian Kettling)