Members States must have transposed the Data Protection Directive for the police and justice sectors into national legislation. It will be applicable from this day.

Did You Know

Privacy by Design

• Organisations processing personal data must take measures to ensure that the data is protected by design.
  The aim of privacy by design is to build privacy and data protection into the design and architecture of information and communication systems and technologies so that they comply with privacy and data protection principles.

Did You Know

Your Data Protection Rights

• The GDPR reinforces a wide range of existing rights and establishes new ones for individuals including:
• the right to erasure (right to be forgotten); you can request that an organisation delete your personal data, for instance where your data are no longer necessary for the purposes for which they were collected or where you have withdrawn your consent.

The European Parliament, the Council and the Commission reach an agreement on the GDPR.

Did you know

International Data Transfers

• The GDPR ensures that the rights and safeguards it provides to individuals in the EU are preserved when their data are transferred outside of the Union
• The European Commission will continue to adopt adequacy decisions where a country offers a legal framework for data protection that is essentially equivalent to the EU.
• Without an adequacy decision, data can be transferred to a country if the processing organisation puts in place binding corporate rules, contractual clauses or other appropriate safeguards.
• Without these, transfers can only take place under strict circumstances, for example, with the consent of the individual or where the transfer is necessary for the conclusion or the performance of a contract. 

Did you know

The European Data Protection Board

• The European Data Protection Board will replace the Article 29 Working Party. The European Data Protection Supervisor will provide the secretariat for this new, independent European body of which all European data protection authorities will be members. The role of the EDPB will be to ensure the consistency of the application of the GDPR throughout the Union, through guidelines, opinions and decisions.

The Article 29 Working Party provides further input on the data protection reform discussions.

Did you know

Data breach notification

• Organisations must notify data breaches to their data protection authority within 72 hours unless the breach is unlikely to pose a risk for individuals. In specific cases, they will have to inform the affected individuals.

The European Data Protection Supervisor adopts an Opinion on the Commission's data protection reform package.

Did you know

Accountability

• The accountability principle means that organisations and any third parties who help them in their data processing activities must be able to demonstrate that they comply with data protection principles. This includes for instance, documenting their processing activities to prove that they adopted appropriate measures and steps to implement their obligations. In certain cases, organisations will have to carry out a data protection impact assessment.

The European Data Protection Supervisor publishes an Opinion on the European Commission's Communication.

Did you know

The GDPR kickstarts the updating of other regulations...

• Member States are entitled to provide specific rules or derogations to the GDPR, where freedom of expression and information is concerned; or in the context of employment law; or to preserve scientific or historical research. 
• Similarly, the entry into force of the GDPR requires the updating of other EU regulations, such as the revision of the ePrivacy directive which regulates the confidentiality of communications and the use of cookies, or Regulation 45/2001 which applies to the EU institutions when they process personal data.