The European Parliament and Council have reached agreement on the data protection reform proposed by the Commission. The reform is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market.
The data protection reform package includes the General Data Protection Regulation ("Regulation") and the Data Protection Directive for the police and criminal justice sector.
The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people's personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.
The four key areas of data protection and privacy management:
1. permission (the consent requested and granted for data use),
2. personal (the use of digital identifiers to personalize content and services),
3. preparation (the standard to which data needs to be held in order to be effective and how this is recognized by consumers) and
4. protection (the effort made by companies to keep sensitive data secure and the expectation of individuals that this will happen).
Overall the GDPR provides the following rights for individuals, many of which apply whatever the basis of processing, although there are some exceptions:
1. The right to be informed how Personal Data is processed
2. The right of access to their Personal Data
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling