EU GENERAL DATA PROTECTION REGULATION: SIGNIFICANCE FOR THE DATA PROTECTION LAW
-
Julius Zaleskis
Published 2017-07-24
https://doi.org/10.15388/Teise.2017.103.10779
PDF

How to Cite

Zaleskis, J. (2017) “EU GENERAL DATA PROTECTION REGULATION: SIGNIFICANCE FOR THE DATA PROTECTION LAW”, Teisė, 103, pp. 45–54. doi:10.15388/Teise.2017.103.10779.

Abstract

The EU General Data Protection Regulation shall be applied from 25 May 2018. This is the result of the personal data protection law reform in the EU. So far the legal regulation in the EU Member States has been based on EU Data Protection Directive 95/46/EC of 1995 that is implemented by the Law of the Republic of Lithuanian on Legal Protection of Personal Data. The aim of this article is to reveal the significance of the General Data Protection Regulation for the data protection law as an area of law.
One can distinguish as significantly important those provisions of the General Data Protection Regulation which are due to impact development of the data protection law beyond the EU and accelerate globalisation of the data protection law in accordance to the EU standards. The said functions should be performed by those provisions of the General Data Protection Regulation that oblige non-EU data controllers to follow the EU requirements while processing personal data concerning data subjects who are in the Union and establish cases where data can be transferred to third countries or international organisations by way of ensuring data protection that is analogous to the EU standards.
The General Data Protection Regulation redraws the limits of the liabilities for the compliance in the data protection law. The involvement of data protection supervisory institutions in daily data processing activities and its control is due to be reduced. It also strengthens the primary liability of a data controller for ensuring the compliance with the data protection law, promotes data controllers’ autonomy and trust in them. Such significant impact to the data protection law shall be produced by the entirety of the following novelties: the principle of accountability, obligations to carry out a data protection impact assessment, to consult a supervisory authority, appoint a data protection officer, repeal of procedures for notification of supervisory authorities and prior checking.
Efficient application of the General Data Protection Regulation in Lithuania can be encumbered by the lack of methodical, explanatory, recommendatory materials on interpretation and implementation of abstract new provisions. Due to lack of legal certainty purposes of the General Data Protection Regulation may be better furthered at the beginning of the application of the novelties by way of such regulatory instruments as instructions, reprimands and opinions rather than imposition of enormous fines.
PDF

Downloads

Download data is not yet available.