Numerous changes ahead
The reform aims at providing greater clarity and enhancing coherence when it comes to the application of rules, which will boost consumer confidence and enable companies to better take advantage of the opportunities offered by the Digital Single Market. Changes include:
One continent, one law
The new regulation will establish a single set of rules. According to the European Commission, it will thus become easier and less costly for companies to operate across the EU.
Application of European rules on European territory
Foreign companies will need to apply the same set of rules as European ones whenever they offer goods or services on the European market or engage in monitoring of European citizens. This means that big American entities such as Facebook, Google or Apple are directly concerned.
Elimination of notifications/authorization requests
According to the Commission, companies are spending up to 130 million euros each year on formal reporting obligations. The reform will reduce these costs to a minimum.
Accountability
The regulation contains a set of measures aimed at reinforcing the accountability of companies and public organisations and thus at ensuring effective compliance with the new rules.
Data breach notifications
Data controllers will need to report data breaches which pose a significant risk to the rights and freedoms of data subjects to the CNPD within 72 hours of discovery.
Data protection by design and by default
To ensure that data protection provisions stand the test of time, the regulation introduces the principles of data protection by default and by design. This denotes the incorporation of data protection safeguards into the very design of goods and services. It also encourages the use of techniques, such as pseudonymisation or anonymization, which will enable companies and organisations to better exploit the potential of big data while protecting privacy.
Development of the role of the Data Protection Officer
Public organisations and companies that engage in certain forms of data collection or processing (such as regular and systematic monitoring of sensitive data or large-scale data processing) must appoint a Data Protection Officer designated to ensure compliance with the new regulation. Other data controllers and processors are encouraged to do so as well.
Possibility to receive fines
Data controllers can be fined up to 20 million euros or 4% of the total worldwide annual turnover (whichever is higher) for noncompliance with the new Regulation.
Other resources and presentations
CNPD/SMC conference of 11 October 2016 | Speaker | Download |
Data controllers and processors: compliance and increased responsibilities. | Héloïse Bock, Avocat à la Cour, Councillor of State | Presentation FR |
Challenges and operational implementation of a data protection impact assessment | Violaine Langlet, Agence eSanté | Presentation FR |
The data protection officer: evolution of the role and acquisition of new skills | Arnaud Constant, APDL | Presentation FR |

Information sessions, 14 to 18 November 2016 | Speaker | Download |
Core curriculum: elements of the regulation common to all sectors of activity | Mélanie Gagnon, APDL; Vincent Wellens, APDL | Presentation FR/EN |
Specialised content: elements of the regulation affecting a particular sector of activity | 14 Nov: Banks and financial sector professionals (Max Spielmann, former chargé de mission at SMC); 15 Nov: IT subcontractors, support PSF and non-PSF (Michael Hofmann, APDL); 16 Nov: Health and research (Claire Leonelli, APDL); 17 Nov: Development: software, web, apps, etc. (Nicolas Sanitas, InTech, and Xavier Lefevre); 18 Nov: Startups (Rima Guillen, APDL) | Presentation EN |
Technological solutions: what about technological solutions to facilitate implementation of the regulation? | Alain Herrmann, CNPD; Sébastien Pineau, LIST | Presentation FR/EN |