Data protection

The new General Data Protection  Regulation - as opposed to its predecessor, the Data Protection Directive ( Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ), which is actually in force till the 24th May 2018, has to be applied not only by companies and other organisation in the European Union but also by a controller or a processor not established in the Union processing of personal data of data subjects who are in the Union. Recital 23 explains a little more: The mere accessibility of a website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ord...

The new General Data Protection Regulation of the EU was voted the 25th May 2016 ans will therefore enter into force the 25th May 2018. As opposed to its predecessor (which will be in force till then) which was a directive, this will be a regulation. The difference is that a directive has to be transposed by national legislation and is therefore subject to "customisation" by the different national legislations. Thus, companies operating in several EU member states were faced with these different rules. The new regulation also defines some questions which member states can regulate but these mainly concern processing of data by their public services. Companies and nonprofits will have to adapt to the same rules whichever member state of the European Economic Area they operate in. By the "one stop shop" and the rules of co-operation between the national data protection authorities will make easier both for data subjects and data controllers to deal with cases conce...