EU member states begin enforcing General Data Protection Regulation
Starting with Friday, 15 May, all European Union member states start enforcing the General Data Protection Regulation, which provides stricter requirements for personal data processing.
As explained by Latvia’s Justice Ministry, this new regulation will combine all requirements for data protection in the EU. It applies to processing, storage, provision to other companies and archiving. The regulation also provides unified rules for all businessmen, regardless of the countries in which they are registered.
GDPR improves on existing principles and forms unified data protection rules across the entire European Union. It also includes the basic rights and freedoms of data protection, the ministry explains. Because the regulation provides stricter requirements for giving consent for data processing, it is now necessary for companies to add changes to different application forms, such as the ones residents fill to receive a customer card.
In addition to different data protection duties and penalties for violations, the regulation also provides rights to private persons to request the company that has their personal data to edit or delete it. Violation of the regulation is punishable with a fine of up to EUR 20 million or 4% of a company’s international turnover. Data State Inspectorate representative Laris Linebergs promised this week at a press-conference that the institution’s approach will remain «consult first». He did not deny that penalties will be applied in cases when companies breach the regulation or Latvia’s laws. The regulation provides applying a one-stop agency principle for businessmen so that companies have to cooperate only with a single data protection institution.
To adopt GDPR, it was necessary for every EU member state to improve their legislation. Latvia has developed Private Persons Data Protection Law for this. The Saeima has already conceptually supported the new law in the first reading.
Justice Ministry notes that the regulation is a directly applicable legislative act in the EU. This means all activities performed on a national level are meant to clarify and add to the regulation.
On Thursday, 24 May, Justice Ministry’s representatives mentioned during the pressconference that there are many rumours circulating about the regulation at the moment. One rumour states that it will no longer be allowed to congratulate people with personalized on the radio or in newspapers. Justice system’s representatives say no such restrictions are provided by the regulation. Nevertheless, residents are advised not to disclose the personal data of the people they want to congratulate.
In spite of society’s confusion with the new regulation, Justice Minister Dzintars Rasnačs said that the ministry has already done a lot to inform residents and businessmen about changes.
The minister emphasized that the regulation does not prohibit anything for residents. It does provide more rights and more duties for data processing companies. The minister said that Latvia already has regulations that protect people’s data. However, the new regulation will help promote personal data protection even more. Ombudsman Juris Jansons had previously said that the Saeima would study if the country’s existing regulations fit GDPR. According to him, this means the chaos with GDPR will continue at least until the end of the year.