Personal data covers any information relating to an individual, whether it relates to his or her private, professional or public life (name, telephone number, photo, e-mail address, etc.). EU Data Protection rules apply when a person can be identified, directly or indirectly, by such data.
The Commissions’ Data Protection reform launched in 2012 aimed at updating and modernising the principles of Directive 95/46/EC to guarantee the respect for fundamental rights and freedoms, notably the right to protection of personal data.
Data Protection rights give now the data subject (the individuals whose personal data is being processed) more control over their personal data. The new rules also aim at increasing business opportunities in the Digital Single Market and reducing the administrative burdens to companies.
In fact, due to HOTREC’s lobbying activities towards the EU institutions, SMEs specific characteristics were taken into account by the legislator. In this way, for instance, the data protection officer is not mandatory, in case data processing is not the company’s core business; impact assessments are not compulsory; direct marketing is possible under certain circumstances.
Overall, a single set of rules, valid across the entire EU, will apply from 28 May 2018 onwards. This will increase data protection applicability consistency across the entire European Union.