Working document met belangrijkste wijziging persoonlijke data
WORKING DOCUMENT on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.
2. Main elements of the reform
The main elements of the reform are the following:
- data protection as a fundamental right as enshrined in Article 8 of the Charter and Article 16 TFEU, and in that regard improving the ability of individuals to control their data (freely given, informed and explicit consent, right to rectification, to erasure and to be forgotten, right to information and access to own data, data portability, the right to object);
- maintaining the principle of covering all kinds of situations and all kinds of sectors (except national security, common foreign and security policy, and exclusively nongainful personal activity) with the same or a similar set of rules, whereby the same principles and mechanisms apply to the public and private sector, with necessary and proportionate limitations for the area of law enforcement;
- adapting data protection rules to the new technological progress in a technically neutral way (for example: privacy by design and privacy by default);
- providing effecting means for safeguarding the fundamental right to data protection (purpose limitation, responsibilities of the controller, notification and communication of data breaches, strong and independent national data protection authorities, data protection officers at all public authorities, in companies above a specific size, or in special situations, effective administrative and judicial remedies);
- preventing fragmentation and providing legal certainty for individuals, enterprises (as regards the single market) and public entities through the introduction of the so-called "one stop shop" system (competence of the data protection authority of the main establishment of the controller or processor), and the "consistency mechanism";
- providing harmonisation on basic data protection principles as regards the handling and exchange of data by police and judicial authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties (data protection aspects being an essential part of existing and proposed EU legislation in that regard), thereby also ending the current situation where EU rules (Framework Decision 2008/977/JHA) applied only if a cross-border element was present;
- providing a safe and sound system of data transfers to third countries (either on an adequacy decision for a country, territory or processing sector - based, inter alia, on rights for effective administrative and judicial redress for data subjects residing in the Union - or on specific appropriate safeguards in legally binding instruments) and to promote the EU system abroad (including agreements with third countries).