EU GDPR (3) - Where it comes from and where it is going

Picture of Christian Kettling

Christian Kettling

November 22, 2017

Our series of articles on the EU GDPR comes to a close: After it in the first post overview, the data concerned, the purpose and scope of application, the the second part with consent, personal data and the right reactions and measures for companies. This article rounds off the series and provides an outlook on the basics and the future of the EU GDPR.

German flag, European flag, flags, EU GDPR, German BDSG, model for EU GDPR, EU GDPR outlook
The German BDSG served as a blueprint for the EU GDPR. (Image: Lord Mayor Stefan Schostok at the public presentation of naturalization certificates on 12.01.2017; © Christian Kettling)

The motivation behind the EU GDPR

The aim of the regulation is to find the right Balance between the protection of personal data data and the free movement of such data to ensure that

The Data Protection Regulation lifts the Protection of personal data to a high level that has never been seen before, at least not in Europe as a whole. The Protection of the rights of the individual and the personal date and their processing are the basis in Article 1: "Subject matter and objectives".

Paragraph 3 continues: "The free movement of personal data in the Union may not be restricted or prohibited on grounds relating to the protection of natural persons with regard to the processing of personal data."

The regulation is therefore intended to Data protection serve as well as the Simplification of processing enable.

National legislation and its options under the EU GDPR

Car license plate, Europe and Germany, D, national legislation, EU GDPR, EU GDPR outlook, summary of the EU GDPR, BDSG new April 2017
Specification clauses in national legislation: The BDSG NEW of 2017 has been reformed. (Image: © Christian Kettling)

An additional National legislation is not requirednevertheless possible. Some articles contain "opening clauses" or "specification clauses". This gives countries the opportunity to define national interests.

The Federal Data Protection Act (BDSG) as last amended in 2009 has served as a blueprint for the revision of the EU directive. A large number of changes are now required by the European regulation.

The BDSG NEW of April 2017 unnecessarily repeated the elements already laid down in the European regulation as paragraphs in the law and - beyond the extent permitted by the specification clauses Requirements defined.

Due to the unplanned national specification, the BDSG NEW will be replaced after May 2018 by Legal disputes and contradictions The way it is exercised is paralyzed and, in my opinion, will have to be fundamentally reformed.

Nevertheless, companies that have complied with the previous legislation, high need for adaptation.

Conclusion on the EU GDPR: balancing act or legal certainty in the EU regulation jungle?

historical, Montabaur, German jurisdiction, legal basis, BDSG, law reform, EU GDPR outlook, EU GDPR conclusion
The balance between the protection of individual rights and the free movement of personal data must be maintained: The foundations of German jurisdiction and data protection have arrived in the present day. (Image: © Christian Kettling)

The aim of the EU regulation is to Balance between the protection of personal data data and the free movement of such data. The protection of personal data and the rights of the individual called for new regulations on a completely new scale and across Europe. The central challenge of the EU GDPR can be found verbatim in paragraph 3 of the same regulation:

"The free movement of personal data in the Union may not be restricted or prohibited on grounds relating to the protection of natural persons with regard to the processing of personal data."

With the EU GDPR, the Commission has brought data protection into the 21st century and set the course for future data processing in many conceivable ways. At the same time, however, extensive adjustments and measures will be necessary on the part of companies - even if they have always complied with previous legislation.

Over the next few months...

... we will accompany the transformation process to EU data protection. Data protection must be relaunched for all applications. New content must be provided for this, such as

  • Privacy-friendly basic settings
  • Information on the purpose of the data collected
  • Notes on the Privacy Code of Conduct
  • Clearer design for consents and refusals.

It also requires:

  • A directory of procedures
  • New contracts for order processing
  • The provision of collected data for information purposes, for example with CSV files
  • Enabling data portability.

This EU harmonization sets in motion a multitude of changes and extensive "changes" that affect a large number of processes and place high demands on documentation. The clock is ticking ...

(Cover picture: © Christian Kettling)

About the author

Picture of Christian Kettling

Christian Kettling

Christian Kettling has been a TCI partner and expert in data protection and IT since 2009. His current thematic focus is the EU GDPR. He gives training courses, lectures and advises companies on this topic.

Share this article on social media

More blog articles

More from our blog

Harrlachweg 2

68163 Mannheim
Germany

CONTACT

Do you have an request? With pleasure!

© 2024 TCI - All rights reserved.