The regulation on the processing and free movement of personal data of natural persons has been published in the EU Journal
Lto personal data protection reform becomes law for EU member states: it will be published today in the European Official Gazette the new Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (attached below) on the protection of individuals with regard to processing of personal data, as well as to the free movement of such data and that repeals Directive 95/46/EC (General Data Protection Regulation).
The regulation officially enters into force on twentieth day after publication in the Official Journal of the European Union, date which is identified in the next May 24, while discipline will find fully applicable from 25 May 2018.
The new legislation is mandatory in all its elements e directly applicable in each of the Member States which will have two years to adapt to the new provisions.
The direct applicability of the Regulation has the effect of automatically making the internal regulations incompatible with it obsolete: for this reason in our country the Privacy Guarantor is already working for one compatibility check of the new regulation with the privacy code (Legislative Decree 196/2003) which risks being almost totally replaced by supranational regulations.
The rules completely rewrites the regulation of privacy at European level: the 99 articles touch on issues such as the right of access, rectification and cancellation (so-called right to be forgotten) of personal data, as well as their security which must be correlated with the right to privacy and with the duty of transparency of the competent authorities.
The document highlights that the rapidity of technological evolution and globalisation bring new challenges for the protection of personal data, the sharing and collection of which has increased significantly.
Such evolution requires a framework more solid and coherent on data protection in the Union, supported by effective enforcement measures, given the importance of create the climate of trust that will allow it development of the economy digital throughout the internal market.
Therefore, they represent the EU bodies, natural persons should have the data control personal that concern them and that the legal certainty and operational is strengthened both for natural persons and for economic operators and public authorities.
The legislation is therefore intended to ensure a consistent and homogeneous application of the rules for the protection of fundamental rights and freedoms of natural persons with regard to the processing of personal data throughout the Union.
With regard to the processing of personal data for the fulfillment of a legal obligation, for the execution of a task of public interest or connected to the exercise of public powers vested in the data controller, the Regulation specifies that the States members should remain free to maintain or introduce national standards in order to further specify the application of the rules of the regulation.
In fact, European legislation also provides for a certain margin of maneuver for the Member States to specify the rules, also with regard to the treatment of particular categories of personal data (sensitive data): in this sense, the regulation does not exclude that the law of the Member States establishes the conditions for specific treatment situations, also by determining more precisely the conditions under which the processing of personal data is lawful.
by Lucia Izzo – 04/05/2016 – Studio Cataldi
Related news: RREGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data, as well as the free movement of such data and repealing Directive 95/46/EC (general data protection regulation)
Health, EU privacy guarantor: "Delegation to the Government to implement new European rules"