On Tuesday, the new EU regulations regarding Big Data went into force. This affects all companies and authorities who are registering and storing personal data. This replaces the patchwork of rules and regulations that exist today:
On 4 May 2016, the official texts of the Regulation and the Directive have been published in the EU Official Journal in all the official languages. While the Regulation will enter into force on 24 May 2016, it shall apply from 25 May 2018. The Directive enters into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018. (Read more)
The major points of the legislation are (source: Wikipedia):
- Responsibility and accountability: controllers have much more responsibility for the proper management of personal data.
- Consent: Valid consent must be explicit for data collected. Consent for children under 16 must be given by the child’s parent or custodian.
- Data Protection Officer: A person with expert knowledge of data protection law and practices should assist the controller.
- Data breaches: Breaches must be reported to the Supervisory Authority as soon as the controller becomes aware of the data breach.
- Right to erasure: The data subject has the right to request erasure of personal data related to him.
- Data portability: A person shall be able to transfer their personal data from one electronic processing system into another.
Further reading: The EU Data Protection Reform and Big Data Factsheet (PDF)
With regard to exporting data outside the EU, the now invalid Safe Harbour agreement has been replaced with the new EU-U.S. Privacy Shield, which promises to improve the handling of EU citizens' data by U.S. authorities and companies.
Further reading: EU-U.S. Privacy Shield (PDF)