European Union of Private Hospitals

GDPR: European Commission publishes guidelines on upcoming new data protection rules

On 24th January the European Commission published some guidelines on the new data protection rules across the EU (GDPR).

The General Data Protection Regulation enables the free flow of data across the Digital Single Market. The GDPR will enter into force on 25th May 2018, leaving only 100 days to prepare for this important change.

The EC’s guidelines recall the main elements of the new data protection rules:

  • One set of rules across the continent, guaranteeing legal certainty for businesses and the same data protection level across the EU for citizens.
  • The same rules apply to all companies offering services in the EU, even if these companies are based outside the EU.
  • Stronger and new rights for citizens: the right to information, access and the right to be forgotten are strengthened. A new right to data portability allows citizens to move their data from one company to another.
  • Stronger protection against data breaches: a company experiencing a data breach that puts individuals at risk has to notify the data protection authority within 72 hours.
  • Rules with teeth and deterrent fines: all data protection authorities will have the power to impose fines of up to EUR 20 million or, in the case of a company, 4% of the worldwide annual turnover.

In addition to the guidelines, the Commission has launched a new practical online tool to help citizens, businesses (in particular SMEs) and other organisations comply with and benefit from the new data protection rules.

You can find all relevant information here: http://europa.eu/rapid/press-release_IP-18-386_en.htm