EUROPEAN REGULATIONS FOR PERSONAL DATA
On the 27th of January 2012 the European Parliament started working on the proposal for a regulation to govern the processing of personal data and its circulation (called “Regolamento Generale sulla Protezione dei Dati”, or GDPR – General Data Protection Regulation). In March 2015 a trialogue between the Commission, the European Parliament and the Council of States was opened; it consisted of a joint table at which they discussed the possible approval of a definitive version of the GDPR. In the second reading on the 14th of April 2016, the European Parliament definitively approved the European regulation on the protection of personal data. The regulation will be fully applied following the 20th of June 2018.
A regulation is a binding legislative act; it must be applied in its entirety everywhere in Europe.
A guideline is a legislative act that establishes an objective that all the countries in Europe must follow. However, each country is free to decide how to pursue this objective.
For example, this happened with the Privacy guideline: the law calls for a minimal level of security, but each country differentiated their regulations to fit their needs. Minimal levels of security and appropriateness have been established in Italy too.
What are the differences?
– The “Right to be forgotten” has been reinforced to help people better manage the risks to their online data: if someone doesn’t want to allow the processing of their personal data, and there are no legitimate grounds to retain it, the data will be deleted.
The rules are there to help individuals, not to restrict the freedom of the press or forget the past.
– Easy access to one’s personal data is provided.
– The right to freely move one’s data from one service provider to another (data portability).
– Consent must be given explicitly for the processing of a particular kind of data.
– Those who work with personal data will have greater responsibility and duty.
– Supervisors for personal data must be appointed in enterprises with 250 or more employees.
– DATA BREACH NOTIFICATION: The enterprise has the obligation to notify the authorities if it detects an intrusion or if sensitive data is stolen from its network. If the authorities think that the enterprise does not respect the European standards for data security, they have the right to force the enterprise to tell the “victims” of the attack, who might decide to pursue legal action.
– Minimal security measures will be replaced by the concept of appropriateness, which will be evaluated according to the risks and will follow a new criterion (like the “cost of implementation”: multinational or smaller enterprises are free to make different choices).