8.09.2017. On 7th-8th September, Ministry of Justice organised a high-level international conference on implementation of the EU Data Protection Reform to give the EU Member States the opportunity to find the best solutions before making final decisions on their Data Protection Acts from May 2018.
“In the field of privacy and data protection the speakers of the conference have shown how complex and complicated the task in hand really is. We heard inspiring and helpful experiences from our German and Irish colleagues who already have implemented the EU Data Protection Reform, also we had the opportunity to learn the point of view of the big internet companies and the watchdogs of data protection,” noted Deputy Secretary General of the Ministry of Justice Ms. Kai Härmand.
“The participants noted that data protection does not stand alone, it is not just an obstacle, but also an enabler that will help increase trust in the digital economy and e-Government. The implementation of the new General Data Protection Regulation (GDPR) has taken more effort and time than planned, but despite the hardships and the fact that the national Data Protection Authorities do not have all the answers or the perfect answers yet, they are very committed to make the GDPR work and its implementation a success story. The participants also agreed that, although the fines have to be there, the national DPAs should not focus on penalties and fines, but rather on giving advice and providing guidance. The keyword are cooperation, transparency, awareness raising and proactive prevention,” said Ms. Härmand.
There were four main issues discussed on the conference: data protection in e-Governance, privacy versus security in retaining and using communication data, regulatory issues in implementing the GDPR in time and the challenges and opportunities of GDPR for private sector.
In spring 2016, the European Parliament approved new data protection rules that give people control of their personal data and create a unified data protection level throughout the EU. The new regulation is directly applicable after a transitional period of two years from 25 May 2018.
For citizens, the reform means better control over their personal data and the possibility to require the deletion of their specific personal data, for example, from internet search engine, the telephone operator, or mail order portal, if there is no legal basis for the processing of data. More stringent rules will be imposed on public institutions and companies involved in the extensive processing of data, the implementation of which may take both time and money.
Businesses and institutions that collect and use sensitive personal data and big databases must map the personal data, appoint a data protection professional, if necessary, make changes in the contracts, business models, internal documents, information systems, customer bases and sales. The maximum level of fines that may be imposed in case of violations will be increased. The requirements also apply to third-country operators who offer their goods or services on the EU market.
The videos of the presentations and panels of the conference “E-Volution of Data Protection” can be seen on Tartu University Television:
Session I http://www.uttv.ee/naita?id=26027
Session II http://www.uttv.ee/naita?id=26029
Session III http://www.uttv.ee/live?id=26037
Ministry of Justice of the Republic of Estonia
+372 527 6806