Progress on EU data protection reform now irreversible following European Parliament vote

The European Parliament recently cemented the strong support previously given at committee level to the European Commission’s data protection reform by voting in plenary, with 621 votes in favour, 10 against and 22 abstentions for the Regulation, and 371 votes in favour, 276 against and 30 abstentions for the Directive.
What will the data protection reform do for economic growth?
One continent, one law: The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28. The benefits are estimated at €2.3 billion per year.
One-stop-shop: The Regulation will establish a ‘one-stop-shop’ for businesses: companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU.
The same rules for all companies – regardless of their establishment: Today European companies have to adhere to stricter standards than their competitors established outside the EU but also doing business on our Single Market. With the reform, companies based outside of Europe will have to apply the same rules. European regulators will be equipped with strong powers to enforce this: data protection authorities will be able to fine companies that do not comply with EU rules up to 2% of their global annual turnover. European companies with strong procedures for protecting personal data will have a competitive advantage on a global scale at a time when the issue is becoming increasingly sensitive.
What will the data protection reform do for citizens?
The data protection reform will strengthen citizens’ rights and thereby help restore trust. Better data protection rules mean you can be more confident about how your personal data is treated, particularly online. The new rules will put citizens back in control of their data, notably through:
A right to be forgotten: When you no longer want your data to be processed and there are no legitimate grounds for retaining it, the data will be deleted. This is about empowering individuals, not about erasing past events or restricting freedom of the press.
Easier access to your own data: A right to data portability will make it easier for you to transfer your personal data between service providers.
Putting you in control: When your consent is required to process your data, you must be asked to give it explicitly. It cannot be assumed. Saying nothing is not the same thing as saying yes. Businesses and organisations will also need to inform you without undue delay about data breaches that could adversely affect you.
Data protection first, not an afterthought: ‘Privacy by design’ and ‘privacy by default’ will also become essential principles in EU data protection rules – this means that data protection safeguards should be built into products and services from the earliest stage of development, and that privacy-friendly default settings should be the norm – for example on social networks.
What does the reform do for SMEs?
The data protection reform is geared towards stimulating economic growth by cutting costs and red tape for European business, especially for small and medium enterprises (SMEs). First, by having one rule instead of 28 the EU’s data protection reform will help SMEs break into new markets. Second, the Commission has proposed to exempt small and medium enterprises (SMEs) from several provisions of the Data Protection Regulation – whereas today’s 1995 Data Protection Directive applies to all European companies, regardless of their size. Under the new rules, SMEs will benefit from four reductions in red tape:
Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.
No more notifications: Notifications to supervisory authorities are a formality and red tape that represents a cost for business of 130 million euro every year. The reform will scrap these entirely.
Every penny counts: Where requests to access data are excessive or repetitive, SMEs will be able to charge a fee for providing access.
Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a specific risk.
The rules will also be flexible. The EU rules will adequately and correctly take into account risk. We want to make sure that obligations are not imposed except where they are necessary to protect personal data: the baker on the corner will not be subject to the same rules as a (multinational) data processing specialist. In a number of cases, the obligations of data controllers and processors are calibrated to the size of the business and to the nature of the data being processed. For example, SMEs will not be fined for a first and non-intentional breach of the rules.
…with effective sanctions
The European Parliament agrees that national data protection authorities need to be able to impose effective sanctions in case of breach of the law. It has proposed strengthening the Commission’s proposal by making sure that fines can go up to 5% of the annual worldwide turnover of a company!