New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday, 14th April. The reform also sets minimum standards on use of data for policing and judicial purposes.
The new rules include provisions on:
a right to be forgotten,
"clear and affirmative consent" to the processing of private data by the person concerned,
a right to transfer your data to another service provider,
the right to know when your data has been hacked,
ensuring that privacy policies are explained in clear and understandable language, and
stronger enforcement and fines up to 4% of firms' total worldwide annual turnover, as a deterrent to breaking the rules.
Next steps
The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date.
Member states will have two years to transpose the provisions of the directive into national law.
Due to UK and Ireland's special status regarding justice and home affairs legislation, the directive's provisions will only apply in these countries to a limited extent.
Denmark will be able to decide within six months after the final adoption of the directive whether it wants to implement it in its national law.
More information at http://www.europarl.europa.eu/news/en/news-room