Did you Know?

After four years of deliberation, the European Union (EU) has finalised and will put in force, on May 25 2018, a strict legislation (Regulation 2016/679) for protecting EU citizens against misuse of their personal data and privacy rights.


EDC News: EU General Data Protection Regulation (GDPR)

Statistics (2016) have shown that over a quarter (28%) of EU-28 internet users refused to provide personal information over the internet.  EU citizens, regardless the EU Data Protection Directive 95/46/EC, are still wary about the personal data companies are collecting about them and how it is being used (EC Fact sheet – GDPR). In consideration of these concerns, the EU enhanced the 1995 Data Protection Directive, which is now the General Data Protection Regulation (GDPR). The GDPR is designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The GDPR will automatically bind all Member States once it is enforced on 25 May 2108.

An important feature of the GDPR is the provision of rights aimed at giving EU citizens more control over their personal data:

  • Right to be informed about what is been done to your data (Article 13 & 14)
  • Right to access your data (Article 15)
  • Right of rectification (Article 16) allows citizens to modify already submitted data where they deem fit
  • Right to Erasure aka Right to be forgotten (Article 17) allows EU citizens to ask for the removal or erasure of their data, subject to exceptions of data, e.g. criminal records, police reports etc.
  • Right to data portability (Article 20) allows citizens to transfer their data from one enterprise to another in a readable format
  • Right to restrict processing (Article 18) allows customers to restrict the processing of data if it is incorrect, there is no need for the data, and the processing is unlawful (GDPR specifies when this is so)
  • Right to object (Article 21) to the data that is being held or the way it is being used
  • Right related to Automated Decision Making and Profiling (Article 22) protects customers to not being subjected to decisions that are based solely on automated processing
  • Right related to Data Breach Notification (Article 34), which ensures the data controller reports breaches that are likely to result in a high risk to the rights and freedoms of the data subjects

Similarly, the GDPR states that companies must adhere to data protection legislation, “privacy by design”, when designing their systems. Failure to implement these rules will lead to heavy fines.

For more information:



All Blogs

EU Press Releases (RAPID)

EU Official Journal

EU Newsroom