The new EU regulation and directive means that any European company currently storing and or transferring data outside of the EU will need to review their current arrangements. For instance, if your company uses a supplier who processes or stores EU citizens data outside of Europe then contractual liability for the misuse of data by said third party may need to be changed.
The potential fines by the various EU data protection agencies can be severe if an EU company fails to take protective measures.
On the 4th of May 2016, the official texts of the Regulation and the Directive were published in the EU Official Journal in all the official languages. While the Regulation will enter into force on 24th of May 2016, it shall apply from the 25th May 2018.
The Directive enters into force on the 5th of May 2016 and EU Member States have to transpose it into their national law by the 6th of May 2018.
If your business handles personal data it’s important that you follow developments in your country to ensure you know when local legislation is updated and get your company on the path to full compliance.
Organisations that collect and manage personal information must protect it from misuse and respect the rights of the data owners. Every day within the EU, businesses, public authorities and individuals transfer vast amounts of personal data across borders. Conflicting data protection rules in different countries disrupt this international exchange.
Common EU rules have been established to ensure that personal data enjoys a high standard of protection everywhere in the EU. End users have the right to complain and obtain redress if your data is misused anywhere within the EU.
The EU’s Data Protection Directive also foresees specific rules for the transfer of personal data outside the EU to ensure the best possible protection when this data is exported abroad.
More information can be found on the official website. Click here.