Revised General Data Protection Regulation and Who Gets to Pick Up the Bill

By Liviu Arsene on Mar 09, 2016

Data protection regulations from the European Parliament and Council have been set in place to safeguard the individual’s right to control how his personal data is used and prevent companies from getting tangled in a legislative web.

The General Data Protection Regulation Act from the European Commission, adopted on Jan. 25, 2012, proposed new legal frameworks consisting of two legislative proposals regarding the processing of personal data and its free movement, and the protection of individuals when their personal data is used by competent authorities in tackling cybercrime.

However, the European Commission decided that, to keep up with the digital era, reform was needed to strengthen the citizen’s right to data protection. The reform package puts an end to the patchwork of rules across EU member states, which enabled each country to treat the matter in accordance with its internal laws and legislation, and enforces the idea that all EU citizens will benefit from the same data protection rights.

What does this mean for Companies?

Companies will take advantage of benefits provided by the Digital Single Market (DSM), allowing for consistent rules across EU member states, regardless of where they are established within the EU. Instead of dealing with 28 states and paying for consultancy fees individually, they will have a single authority to deal with.

Not only will this ensure legal certainty, but it will also make it a lot easier to cut through red tape and turn a profit by making decisions more quickly.

An added benefit for SMEs is that they won’t have to report data breaches to individuals, unless the breach represents a risk to their rights and freedoms. However, this can prove a double-edged sword, and it raises questions as to when companies believe user freedoms could be at risk.

How does this benefit users?

Users will be able to move their personal data between service providers, taking advantage of the competitive nature of the European community. As users have more control over their data, small businesses and start-ups will get access to data more quickly and get the opportunity to compete with data privacy giants by winning the battle with user experience.

In turn, regular users will have the option to choose from various providers, without worrying how their data will be ported or how it will be processed by the new privacy provider.

Who picks up the Bill?

Having a single governing body regulating how individual personal data is used is estimated to lead to €2.3 billion per year in savings as businesses no longer have to deal with compliance from 28 member states.

Cutting costs seems to have been the main reason behind the revision. Overall, while the revision is definitely pro-privacy and pro-user data, it’s also designed to encourage EU companies to expand, thrive and innovate.

Author: Liviu Arsene

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact in critical public and private business infrastructures. His passions revolve around innovative technologies and gadgets, focusing on their security applications and long-term strategic impact.