Taking rights seriously: GDPR starts applying today

Back to News

Today, 25 May 2018, is a landmark in the protection of personal data and privacy of individuals, as the General Data Protection Regulation (GDPR) (EU) 2016/679 starts applying after a long-lasting legislative process.

With this regulation, the EU has legislated a robust solution, which addresses individual rights and relevant obligations of service providers, and is directly applicable to all EU Member States.

Prof. Udo Helmbrecht, Executive Director of ENISA emphasized the significance of 25 May: “Clearly, the application of GDPR, besides its significance from a legal point of view, also gives new impetus to the policy work spearheaded by ENISA in the area of security measures for personal data protection and privacy. In the prospect of its new mandate, ENISA is looking forward to better meeting expectations also among the GDPR stakeholders.”

Compared to the previous legal framework within the EU, GDPR amongst others introduces an enhanced approach on governance, accountability, the role of data protection officers, data breach notifications, risk-based strategies, security measures, consent giving and fines, providing a sound future-proof legal framework in favour of the data subjects. Notions such as “data protection by design and default” and “the right to be forgotten” open up new possibilities in practice for sensible protection of fundamental rights.

ENISA has been engaging with stakeholders of personal data protection and privacy by means of the Annual Privacy Forum (APF), organised annually. APF18 takes place in Barcelona, Spain, on 13-14 June 2018 and it will be organized in collaboration with the Polytechnic University of Catalonia (UPC) and Telefónica. Additional information is available under http://privacyforum.eu/

ENISA has been a long-standing contributor to EU policy on trust and security in the Digital Single Market as it regularly issues viable recommendations to shape technology according to data protection and privacy provisions, and addressing privacy and personal data protection requirements through technology. Recently, ENISA published suitable reports seeking to translate legal obligations into technical approaches, in particular regarding the security of personal data processing[1][2], privacy and data protection by design, Privacy Enhancing Technologies (PETs), personal data breach notifications, as well as proposing mechanisms for user empowerment (transparency and control) in digital environments.[3][4] 

 

For more information on policy work of ENISA regarding personal data protection and privacy, please contact: press@enisa.europa.eu.