The European Union has approved the new legislation regarding the protection of personal data. On 8 April 2016, the Council of Ministers of the EU adopted its position at first reading. Subsequently, the European Parliament has approved the new legislation on 14 April 2016 during the plenary session of the European Parliament. The legislation has not been published in the Official Journal as yet and, therefore, has not yet entered into force.
What will happen?
After approval by the European Parliament, the next step is that the new legislation is published in the Official Journal of the EU. The revised General Data Protection Regulation will enter into force 20 days after publication in the Official Journal. As soon as the General Data Protection Regulation has taken effect, Europa decentraal will inform you about this on its website. After the regulation has entered into force, the member states will still have two years before they must comply with the rules laid down in the regulation.
The revised General Data Protection Regulation (GDPR)
With this new regulation, the protection of personal data in the European Union will be equal in all member states. The new regulation is intended to replace the former Directive on the protection of personal data of 1995. Important provisions for the (local and regional) authorities in the GDPR include:
- provisions regarding the mandatory appointment of a Data Protection Officer;
- provisions regarding the form of consent by the person involved;
- provisions regarding the right to be forgotten;
- provisions regarding the supervising authority;
- provisions regarding penalties.
Femke Salverda, Europa decentraal