On 6th April 2016, the European Union voted for the application of the General Data Protection Regulation with a final date for all Member States of the European Union on 25th May 2018. The new Regulation, with its implementation, repeals the earlier Directive 95/46 / EC which concerned the protection of personal data.
Most Member States already had national legislation in place to protect the personal data of individuals. So what is the reason for a pan-European legislation, since the Member States have passed laws to protect their citizens?
The difference lies in the EU's interpretation of the concepts of "Directive" and "Regulation". "Directive" are legislative acts that set an objective that all EU countries must achieve with specific freedoms in their implementation. While "Regulation" is a binding, legally enforceable piece of legislation imposing fines.
This meant that each country had its own national legislation but was limited to its natural borders only, there were several differences in terms of respect, concepts and application in each country but it did not cover the citizens of other countries EU Member States as it was only "national" legislation.
Implementation of the new Regulation creates a single set of rules with immediate legal force in all Member States and the protection of EU citizens is spread across 28 Member States and 31 EEA countries, not only locally.
- There is a specific legislative framework that applies to all EU residents in any country.
- The single European market will enhance consumer confidence and security, and now small and large businesses play under the same rules.
- The responsibilities of each country's Data Protection Authorities are increased and they are given greater freedom in the proper implementation of the Regulation.
- Enhanced individual rights with the obligatory consent of consumers for acts performed by third parties.
- Greater validity, better control and stronger protection of personal data.
- Better clarity in the sharing of obligations and burdens for both individuals and businesses.
The new regulation stipulates that no country will make changes to the regulation as regards the drafting or interpretation of the Rules of Regulation. Responsible for the implementation of the Regulation are the Local Country Protection Authorities and the competent courts for interpretation. The Regulation will be included in its entirety. On May 23, 2018, the EU published its latest Communication on the amendment of GDPR 679/2016 and Member States have to implement these changes.
In addition, each country has the right to amend or change the existing national laws on personal data protection as there are several laws that may be defined or referred to the protection of personal data. For example, national laws on electronic communications or electronic commerce also concern the protection of individuals and consumers. In Cyprus, France, Germany and many other countries has already begun to amend national legislation so as to better harmonize it with EU Regulation 679/2016.
Specifically in Cyprus, Regulation 679/2016 is in force and the previous law 138 (I) 2001 on the protection of personal data has been abolished and Law 125 (I) 2018 published in the Government Gazette on 31 July 2018 that now applies.
The conclusion is that Regulation 679/2016 has a pan-European force with legislation that is enforceable at a later date for each Member State. But because the concept of a national law must be protected, every citizen must respect and obey local and national laws as they apply at any given time.
- Τhe regulation from the official website of the European Union in all EU languages
- The official website of the European Commission
- The official website of the Commissioner’s Office and the Supervisory Authority for the Protection of Personal Data in Cyprus
- The official website of the European Commission for the Protection of Personal Data
- The official website of the European Commission for the Control of Personal Data