New European Regulation (2016/679) on personal data protection


Fines up to 4% of their worldwide turnover, amounting up to 20 million euros, menace companies which shall not conform to a series of new settings concerning private life protection.
These sanctions apply to persons who collect, store, adjust or in any other way process personal data (such as technology corporations) and who do not manage to honor the following commitments:
  • Appoint a responsible person for the protection of personal data in their staff
  • Receive written consent of the recipient before undertaking processing operations. In case of the recipient being a child below the age of 16 years, a parental consent is needed instead. 
  • Being able to prove that personal data are used solely in the absolute necessary extent. In each case the extent is defined and shaped differently depending on the purpose.
In order for the companies to prove that they do respect this principle of proportionality, responsible persons may co-operate with certified data protection mechanisms. The aforementioned mechanisms consist a new provision of the Regulation and their establishment aims exactly at the inspection of its rules implementation.
Moreover, the Regulation lists the data subject’s legal rights. The data subject is considered to be the person whose personal information is subject to process.
These legal rights include the right to rectification, the right to erasure (‘‘right to be forgotten’’) as well as the right to object to the creation of a profile.
The above provisions have already been entered into force immediately since the date of their respective publication.