General Data Protection Regulation

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The General Data Protection Regulation (GDPR) (Regulation (European Union) 2016/679) was adopted on 27 April 2016. It took effect on 25 May 2018.

The regulation is approved by the European Parliament, the Council of the European Union and the European Commission. It protects people's personal data throughout the European Union (EU). The decree also affects data exports from the EU.

The GDPR is aimed at giving citizens control over their personal data. It simplifies regulations for economic relations with other countries by making the EU procedures standardised. The GDPR replaces the Data Protection Directive of 1995. The new GDPR law doesn't need any changes in local laws within the EU. The regulation is binding.

People and companies who don't comply with the GDPR law may face a fine of up to 20,000,000 euros, or up to 4% of the company's profits from the previous year, whichever number is higher.

Rules enforced[change | change source]

The General Data Protection Regulation enforces rules that protect people against a wide variety of privacy issues. It enforces the right for people to lawfully agree with companies to use their private information. It also enforces the right for people to have their private information no longer accessible by a company. It also enforces that users have the right to allow their private information to become public or not. The regulation also makes sure that no personal data is processed unless the user has allowed the processor of personal data to do so.

Timeline[change | change source]

  • 25 January 2012: The proposal[1] for the GDPR was released.
  • 21 October 2013: The European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) vote for whether GDPR should become the new regulation for people in Europe.
  • 15 December 2015: The European Parliament, Council and Commission (Formal Trilogue meeting) discuss about the General Data Protection Regulation. On that day, the GDPR has resulted in a joint proposal.
  • 17 December 2015: The European Parliament's LIBE Committee voted for the negotiations between the three parties.
  • 8 April 2016: The General Data Protection Regulation has been adopted by the European Union.[2] The only member state voting against was Austria, which argued that several aspects of the new regulation are not satisfactory when compared to the Data Protection Directive.[3][4]
  • 14 April 2016: The General Data Protection Regulation has been adopted by the European Parliament, replacing the Data Protection Directive that they previously used.[5]
  • 24 May 2016: The General Data Protection Regulation has started to be used around the world, but it is not yet fully enforced. This is 20 days after the General Data Protection Regulation has been published by the Official Journal of the European Union.[6]
  • 25 May 2018: The General Data Protection Regulation becomes fully enforced around the world. This has been two years since the regulation has been created.[6]
  • July/August 2018: GDPR will be enforced in Iceland, Liechtenstein, and Norway. These three countries have joined the EEA Joint Committee, as they all agreed to follow the regulation.[7]

References[change | change source]

  1. "Data protection" (PDF). European Commission – European Commission. 
  2. "Data protection reform: Council adopts position at first reading – Consilium". Europa (web portal). 
  3. Adoption of the Council's position at first reading, Votewatch.eu
  4. Written procedure, 8 April 2016, Council of the European Union
  5. "Data protection reform – Parliament approves new rules fit for the digital era – News – European Parliament". 
  6. 6.0 6.1 "Official Journal L 119/2016". eur-lex.europa.eu. Retrieved 26 May 2018. 
  7. Coll, Line; Riisnæs, Rolf. "Implementing the GDPR in Norway". Wikborg|Rein. Retrieved 26 May 2018.