DSE welcomes the adoption of the General Data Protection Regulation

Jeudi, 14 Avril, 2016

Today, the European Parliament adopted the General Data Protection Regulation*, after four years of intense discussions. The adoption, carried without amendments, comes after the inter-institutional agreement reached with the Council in December 2015 and its position adopted at first reading on 8 April 2016.

The Regulation aims at enhancing the level of data protection for individuals whose personal data is processed. The Regulation also introduces a one-stop shop mechanism allowing a company active in several Member States to deal with the data protection authority of its main establishment. In line with DSE views, the Council dropped the principle of 'explicit consent' due to potential unnecessary burdens to companies when processing non-sensitive data, without providing any added value as regards the protection of the data subject.

DSE welcomes the Council approach which lowered the initially proposed thresholds for administrative sanctions, based on the total worldwide annual turnover of the preceding financial year. However, the applicable threshold for sanction remains too high for eventual non-critical infringements. 

In the coming months, data protection authorities are expected to issue implementing guidelines to help companies adjusting to the new rules. DSE awaits for further clarification regarding important provisions which continue to lack legal certainty.

*The Regulation shall enter into force after its publication in the EU Official Journal and it shall apply two years thereafter, i.e. by May 2018.

Air Jordan XVIII 18