New EU Data Protection Regulations to be implemented in May 2018

In just half a year new data protection regulations are coming into effect. This new set of legislation will be enshrined into EU law on the 25th of May 2018. They are aimed at giving more control to Internet users over their personal data. Altering the data protection regulations will also have a significant impact on companies and institutions worldwide.

More Control over Personal Data

For four years the EU has been debating and ironing out these changes. In 2016 the European Council, European Parliament and the European Commission agreed to the new regulations. They agreed that two years would be enough time for companies to plan for adopted changes. The new data protection regulations are based on the 1995, 95/46/EG guidelines. In contrast to guidelines, regulations are legally binding for all EU member states.

With these data protection regulations, the individual Internet user will have more control over their personal data when they surf the internet or use internet-enabled apps. Every EU citizen will now have the right to learn who and how their personal data is being collected, what data is being collected and to be informed in the event of an attack.

The Principles behind EU Data Protection Regulations

Additionally, users should be able to take the data that data providers have gathered and have a “right to forget” where a user can demand that a company deletes their personal data. The age threshold for which consent can be given (to collect and use personal data) has been raised from 13 to 16.

These regulations are not only applicable to EU companies but for any companies operating within the EU – namely the US tech giants.

The legislation is based on 6 principles, which are enshrined in article 5 of the EU data protection regulations:

  • Legitimacy: Data collection has to be fully transparent and traceable.
  • Appropriation: Data may only be collected for legitimate reasons.
  • Minimization of Data: Only as much data as is necessary may be collected.
  • Validity: Invalid data must be deleted immediately.
  • Time Limits: Data may only be saved for a short period of time before being deleted.
  • Integrity and Trustworthiness: The security of data must be safeguarded.

Here you can find the complete regulations

High Fines for Violations

Companies violating these regulations may receive fines of up to 4% of their total yearly revenues. larger companies could be facing billions of Euros in fines. Which should prove to be quite an incentive to abide by new legislature. For example, from May onwards companies will have to implement these changes onto the basic settings of devices and apps to ensure that the new data security standards are maintained. This is valid for website providers, app developers, clubs, associations – every organization that collects and saves personal data.

The new data protection regulations standardize the data protection rights in all EU member states, EU companies as well as companies that wish to operate within the EU. However, the regulations have drawn some criticism due to several loopholes, which allow member states to form separate data protection legislature.

EU-e-Privacy Regulations

Additionally, the EU e-Privacy Regulation should enter into force following recent approval by the European Parliament. There are still discussions with member states regarding certain aspects of the legislation.

The EU-e-Privacy-Regulations would tighten the existing legislation to ensure that the tracking of users via Cookies will be considerably reduced. Users should not only receive notifications that cookies are being used and they are being tracked. Indeed, they will gain the ability deny websites these tracking rights.