General Data Protection Regulation will come into effect in two months
On May 25th, 2018, the General Data Protection Regulation (GDPR) will come into effect, having been approved by the EU parliament on April 14th, 2016. The GDPR will provide the implementation of the once-only principle with a coherent legal framework across all EU Member States and aims at protecting EU citizens' personal data rights.
The EU General Data Protection Regulation replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe and to protect EU citizens' data privacy rights. The GDPR does not only apply to organisations located within the European Union but will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location. It addresses the export of personal data outside the EU. The GDPR aims primarily at giving EU citizens full control over their personal data and simplifying the regulatory environment for international business by unifying the regulation within the EU.
The GDPR provides a coherent legal framework on data protection for the implementation of the once-only principle as it standardises data protection regulations across all EU Member States. Four aspects are important in order to implement the once-only principle and to meet the standards of the GDPR.
1. Citizens should always be able to view their data and be notified about the usage and handling of their data. It is important that citizens have full control and data sovereignty, which can only be guaranteed through transparent digital public services.
2. The use of once-only needs to be voluntarily agreed to by the citizens. Citizens cannot be forced to agree to the re-use of their personal data by public administrations.
3. Rather than making once-only solutions mandatory, it is better to offer opt-in solutions.
4. Citizens cannot be asked to give generalized consent for future reference in all cases but need to be asked individually if and how their data can be re-used and shared.
Since public administrations handle very sensitive data, it is important to adhere to data protection regulations. The GDPR supports privacy by design and privacy by default solutions to ensure that privacy and trust issues are effectively addressed.
For more information:
- Law: General Data Protection Regulation: (EU) 2016/679
- Overview of data protection in the EU (Website of the European Commission)
- Presentation of GDPR and the once-only principle by Martin Zahariev (SCOOP4C Stakeholder workshop in Sofia, Bulgaria)