Overview
Data Protection Commission
Fact sheet January 2018
EU Data Protection Reform:
better data protection rights for European citizens
250 million people are now using the internet every day in Europe. We’re sharing more and more of our
personal data – whether through online banking, shopping, social media or electronic tax returns.
In this fast-changing digital age, your right to protect your personal
data is something which must be safeguarded. There are numerous
potential risks, such as unauthorised disclosure, identity theft or online
abuse, to name a few. Protection of personal data is a fundamental right
for everyone in the EU.
The new data protection rules will kick in on 25 May 2018 and will give
you more control over your personal data and improve your security both
online and offline.
YOUR NEW RIGHTS:
What is personal data?
It is any information that relates to an identified
or identifiable living individual. For example: name,
surname, home address, e-mail address, location data.
(More information: Art. 4 (1) of the Regulation)
> A right to receive clear and understandable information
about who is processing your data, what data they are processing and why they are
processing it.
(Art. 12-14 of the Regulation)
> A right to request access to the personal data
an organisation has about you.
(Art. 15 of the Regulation)
> A right to request one service provider to
transmit your personal data to another service
provider, e.g. when switching from one to another internet social
network, or switching to another cloud provider.
(Art. 20 of the Regulation)
>>
2 EU Data Protection Reform: better data protection rights for European citizens
> If your data is lost or stolen, and if this data breach could harm you, the
company causing the data breach will have to inform you (and the relevant data
protection supervisory authority) without undue delay. If the company doesn’t do
this, it can be fined. Recent attacks, such as WannaCry, Meltdown and Spectre, or
the Uber case show how important this new right is.
(Art. 33-34 of the Regulation)
> Better protection of children online. Children may be less aware
of the risks and consequences of sharing data and are less aware of their rights.
This is why any information addressed specifically to a child will need to be adapted
to be easily accessible, using clear and plain language.
(Art. 8 of the Regulation)
> A right ‘to be forgotten’. You will be able to ask to delete your personal
data if you no longer want it to be processed, and there is no legitimate reason for
a company to keep it. For example, when you type your name into an online search
engine, and the results include links to an old newspaper article about the debt you
long paid, you will be able to ask the search engine to delete the links (unless you
are a public figure or your interest in removing the article outweighs the general
public’s interest in accessing the information).
(Art. 17 of the Regulation)
> In cases when companies need your consent to process your data, they will
have to ask you for it and clearly indicate what use will be made of your personal
data. Your consent must be an unambiguous indication of your wishes and be
provided by an affirmative action by you. So, the companies won’t be able to hide
behind long legalistic terms and conditions that you never read.
(Art. 4 (11) and 7 of the Regulation)
FOR MORE INFORMATION ABOUT YOUR RIGHTS UNDER THE NEW
DATA PROTECTION RULES, YOU CAN CONSULT OUR WEB GUIDANCE:
europa.eu/dataprotection