European Union (EU) are based on
the Data Protection Directive 95/46/
EC. In the 21 years since the current
data protection rules were adopted,
a lot has changed. According to the
information released by the European
Commission, 250 million people use the
Internet daily in Europe. Furthermore,
new ways of communicating, such as
online social networks, have significantly
changed the way people use and share
personal information. In addition, the
development of cloud computing means
that data is stored in remote computer
servers instead of in personal computers.
The flow of data has become increasingly
globalized, in that personal information
is collected, transferred and exchanged
in large quantities, across the globe in
milliseconds.
Such change in the development
of electronic communication and use
of personal data has contributed to
the widespread perception in the EU
that the current data protection rules
do not provide an adequate level of
protection. Studies from the European
Commission show that half of European
Internet users are worried about being
a victim of a fraud through misuse of
their personal information, while around
seven out of ten people are concerned
about their information being used for
a purpose different from the one it was
collected for. Moreover, current data
protection rules mean that businesses
in the EU have to deal with 28 different
administrative burden, making it difficult
for companies to access new markets.
All of this has caused a lot of
discussion about the necessity to reform
the current data protection rules.
Such discussions in the end resulted
in adoption of the Regulation (EU)
2016/679 the so-called General Data
Protection Regulation (GDPR). The
GDPR went into effect on May 24, 2016,
and all EU member states are required
to implement the same into their national
legislation by May 6, 2018. At this time,
the GDPR will completely replace the
currently applicable data protection rules
based on the Data Protection Directive
95/46/EC. The proclaimed goals of the
GDPR are to achieve a balance between
the free movement of personal data
and protection of the same, as well as
to strengthen the internal market by
establishing one single law applicable
across the EU. It also aims to simplify
the regulatory environment, principally
through establishment of a "one-
stop-shop" system (i.e. each business
organization will have to answer to just
one single data protection authority)
and suppress different formalities
that are perceived as burdensome and
unnecessary, such as general notification
requirements.
Within its goals, the GDPR aims to
strengthen the citizen's fundamental
rights in the digital age by introducing
more transparency of how personal
Vukmir & Associates, where he specializes in
corporate law, commercial law and intellectual
property/information technology law, including
data privacy. He is a frequent speaker on various
topics concerning data privacy.
Associates, where her practice areas include
commercial law, company law, advertisement
law and intellectual property law.
Associates. She recently graduated with her law
degree, and is interested in intellectual property
law, information technology law, and air and
space law.
Gramaca 2L
Zagreb 10000 Croatia
vukmir.net