The new European rules on data protection

In April 2016 new European rules were adopted on data protection, although Regulation (EU 2016/679) provides implementation for a transitional period, which is scheduled for two years after the date of coming into force  (it occurs within 20 days after the publication in the Official Journal of the European Union), so the new European rules on data protection will not be completely applied until May 25, 2018.

These new rules on data protection involve the revitalization and modernization of the principles embodied in 1995 (Directive 95/46/CE), these principles aim to to ensure privacy rights. However, these principles had become outdated under the new  Information and Knowledge Society, a digital age where the Internet has not only extended our lives but also set a main focus on our daily lives. In fact, this obsolescence is reflected in the Eurobarometer (2013), which expose the fear of Europeans people about the safety of their data, while 76% has their data held by private companies European and 64% by public authorities.

So these new European rules will allow European citizens to have more control over their private information and raise the level of protection and safety of citizens’ data in the context of the digital age.

Here are some of the most important aspects in the new rules of data protection:

  • The right to oblivion by the correction or deletion of personal data (Article 17):

Anyone is permitted to be forgotten or delete his personal data when no longer wants his data remains exposed, unless there are legitimate reasons for which such data are maintained. In that case, the person must apply to the Internet company that matches an application in order to delete your data. There are exceptions: for example, if the data have historical, statistical or scientific purpose, the right to oblivion will not be applied.

Data Protection
  • The need for a “clear and affirmative agreement” of the person who is processing their personal data (Article 7):

An example would be the selection of a box, an Internet website or something similar with the agreement that the processing of the personal data is declared. It will also facilitate the power to remove a previously given consent. Therefore, citizens will have better control over who has their private data.

Data Protection
  • The “portability” or the right to transfer the data to another service provider (Article 20):

The legislation provides the right to change the personal data of the service provider, from one to another without losing information. In practice, this means that you can change your email provider for example, but without losing contacts or e-mails.

Data Protection
  • Clear and understandable language about the privacy policy (Articles 12, 13, 14):

The new regulations promote the transparency of the “small print”, so now people have the right to be informed in a clear and simple language.

Data Protection: Privacy
  • The right to be informed whether personal data have been hacked/reproduced (Articles 33 and 34):

New European rules on data protection include the right to know if their data has been hacked/reproduced, so that companies will be required to report any serious violation of data as soon as possible. In this way, users can react and take measures to protect their data.

Data Protection


  • Fines up to 4% of the global turnover of the companies in the event of infringement (Article 21):

The new regulation involves clear limits on the use of profiles, like the techniques used to predict performance or behaviour (employment status, economic, location, preferences…) of a person based on the automated processing of data. In the case of not submitting with these companies, they will be subject to fines up to 5% of total company income. Only it is allowed to use these profiles if the person consents and provides that this profile is not based on discriminatory or sensitive data.

Data Protection
  • Special protection for children (Article 8)

The new rules aim to protect children: they also have the right to be forgotten, even more then others. In addition, children will need permission from their parents to create an account in social networks, rising the age limit from 13 to 16 years.

Data Protection

As shown in the new European regulations regarding to data protection, European citizens can manage data and privacy in a much more effective way. The European Parliament (2016) shows that these news rules exist for “high protection standards and adapting to the digital environment. It also includes new minimum standards for the use of data for law enforcement purposes”.

In addition, this legislation becomes a clear and concise guide for companies, they can set up policies and regulations for data and find legal protection, which allows them to engage in fair competition.

Because of Information and Knowledge Society and the rise of the Internet (2012) people expected these measures for years. There is a daily use of computers and smart devices like Smartphones or Tablets, which are used for all kinds of online services, ranging from personal shopping to the use of public services (often through the digital signature, such as making the statement of income, grants etcetera). Which means there was an urgent need to protect these sensitive data, which now will be solved with the new regulations. (1)

In short, the new European rules on data protection are a useful tool for both European citizens and businesses, because now the rights about privacy and data protection protects Europe from a legal point of view.

(1) On behalf of Viafirma, we want to make sure that you know that we are very sensitive about the fundamental rights of protection of individuals in relation to the processing of personal data people. We totally lined up with the new standard principles, so we will not wait the two years of transition. The website, products and services will change recording to the Regulation 2016/679 of the European Parliament and the Council of the European Union.