The Reform package will put an end to the patchwork of data protection rules that currently exists in the EU.
Andrus Ansip, Vice-President for the Digital Single Market, said: “Today’s agreement is a major step towards a Digital Single Market. It will remove barriers and unlock opportunities.”
He said that privacy and data protection should not hold back economic activities, but should be seen as an essential competitive advantage.
The EU’s next step is now to remove “unjustified barriers” which limit cross-border data flow. This is when local practice and sometimes national law, limits storage and processing of certain data outside national territory.
Věra Jourová, Commissioner for Justice, Consumers and Gender Equality said the new pan-European rules are good for citizens and good for businesses.
“Citizens and businesses will profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation in a European Digital Single Market. And harmonised data protection rules for police and criminal justice authorities will ease law enforcement cooperation between Member States based on mutual trust, contributing to the European Agenda for Security.”
Basically the reform will allow people to regain control of their personal data. Two-thirds of Europeans (67 per cent), according to a recent Eurobarometer survey, stated they are concerned about not having complete control over the information they provide online.
They will make it easier access to your own data so that they can say how their data is processed. They will be able to transfer personnal data between service providers.
There will be improvements to the “right to be forgotten” when you no longer want your data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted.
The EU will enshrine the right to know when your data has been hacked so that companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible so that users can take appropriate measures.
The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU and there will be one single supervisory authority. This is estimated to save €2.3 billion per year.
One interesting rule change is that SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity. This removes the current requirement in the UK for small clubs and businesses to treat their membership lists in the same way as big multinationals.
Following political agreement, the final texts will be formally adopted by the European Parliament and Council at the beginning 2016. The new rules will become applicable two years afterwards.