Now Reading:

European General Data Protection Regulations - Highlights

Business Regulations, Law & Practice	3657 VIEWS
Business Regulations, Law & Practice
3657 VIEWS

Tuesday, 26 February 2019 01:19PM / By Oserogho & Associates

Introduction

Reliance on internet electronic communication continues to increase. With its numerous benefits also come risks that legislation needs to address, and stay ahead of wherever possible. This is particularly as Data Harvesting and Processing, especially Big Data in the social media sphere, are now very lucrative legitimate and illegitimate businesses.

The European Union (“EU”) General Data Protection Regulations (“GDPR”) is arguably now the world’s most up-to-date legislation on Data Confidentiality, Privacy and Protection for EU Resident Data Users or Subjects. A good example of the far reaching effect of the GDPR are the data breaches fines imposed on Google by France; and the on-going data breaches investigations by the EU on Facebook and some android companies.

Organisations who have access to, and or process EU Residents (and non-EU residents) electronic data must therefore pay more attention to the new, salient and special provisions of the GDPR, some of which provisions are highlighted in this newsletter; most of which material are sourced from the 400+ pages ….

Handbook on European Data Protection Law, 2018 Edition | European

Key EU Data Protection Provisions

A key, fundamental objective of the EU GDPR is not only the protection and safeguard of EU Resident Data Users rights to privacy but also their rights to the confidentiality of their personal data. Both of these rights are now fundamental human rights under EU Law.

Automated and non-automated processed electronic data are also now protected under the GDPR. With only statutory exceptions allowed, underlining the GDPR is the unequivocal consent of the Data User or Data Subject on how his or her personal data is collected, processed, protected and disseminated.

The Data User is also granted the unfettered right to freely withdraw his or her consent as to the use of his or her personal data provided the GDPR principles on the lawfulness, fairness and transparency of how the data is managed are adhered to.

Personal Data Breaches, whether accidental or otherwise, must be addressed by the Controllers, Processors and Data Protection Officers in a timely and appropriate manner by the latter parties notifying the completely Independent Statutory Data Supervisory Authority of any material Data Breach within Seventy-Two (72) hours of such a data breach.

The Data User is also required to be immediately notified if the data breach is likely to cause high privacy and confidentiality risks to such a Data User or Users. In more severe cases, a public communication of the data breach and the measures to ratify such breach is/are required.

Remedies, Reliefs, Compensation and Fines

Some of the initial remedies that Data Subjects or Users have when their Data Rights are infringed include lodging with the Data Controllers and Processors a Complaint, seeking either or all of the following reliefs:- Data Rectification, Data Erasure, Portability of the User’s Data, etc. These remedial assistances are to be provided without any charge, costs or fee to the Data Subject or User.

Where resort to the Data Controller or Processor does not ratify the data breach, the Data Subject has the further right to resort to the Supervisory Independent Data Regulatory Authority in his or her EU country before a further resort to judicial remedies for material and non-material damages are explored. From the Supervisory Data Regulatory Authority are additional remedies of full and effective compensation for the data breach or breaches.

The Supervisory Data Regulatory Authority has, in addition to the corrective powers enumerated above, the additional power to impose administrative fines for any GDPR infringement up to €20,000,000 (Twenty Million Euros). Where the infringement is by an undertaking venture, the higher of the latter sum of 4% of the undertaking venture’s total worldwide annual turnover will be imposed for the data infringement.

Data Protection and National Security

To balance individual data rights with national security and public safety, i.e. Police and Criminal Justice administration as examples, the processing of generic and other criminal administration data by public justice authorities is permitted subject to the data protection regulations in the GDPR and the Budapest Convention on Cybercrimes. Underlining this exception is the principle that there must be substantial public interest to be protected, which interest is provided for by Law.

Among other countries, Bi-lateral Personal Data Protection Agreements also exist between the EU and the United States law enforcement agencies.

Conclusion

Consequences of Data Breaches, especially to individuals, could be severe; from Identity Theft to Fraud and other Financial Losses; infringement of an individual’s rights to privacy and confidentiality which could lead to Defamation; Copyright Infringement; Child Pornography; unlawful hacking and surveillance; etc.

Enhancing Rudimentary Public Enlightenment on the importance of Data Protection is therefore an essential modern day requirement when using the internet.

Tech Regulation Updates

1. EU and Global Securities Regulators Welcome Agreement on Data ... – Feb 15, 2019

2. How The General Data Protection Regulation Will Affect Your Business... – Mar 22, 2018

3. How SMEs can prepare for the General Data Protection Regulation

4. FSA: Japan And France Sign Cooperation Frameworks Regarding Innovation In The Financial Sector

5. Britain To Initiate ‘Digital Services Tax’ On Tech Giants From April 2020; Expects $512m Yearly

6. SEC Sets Up Special Committee On Fintech For Capital Markets

7. FintechNGR Kicks-off Fintech Knowledge Series For Regulators

8. DFSA Joins Peers In Discussion On A Global Financial Innovation Network

9. New Regulation Has Significantly Changed E-money Landscape In Indonesia

10. New Rules For Credit Fintech Companies In Brazil

11. CBN Issues Circular on Compliance with Cybercrime Act 2015

12. CBN Issues Exposure Draft of the Risk-Based Cyber-Security for DMBs and PSPs

13. EBA Publishes Opinion On Implementation Of The RTS On Customer Authentication And CSC

14. Fintech Association Partners SEC On RoadMap For The Nigerian Capital Market

15. The Nigerian Trading Online Report 2018 To Include Section on Regulatory Technology

Disclaimer:

This is a free educational material. It does not serve as a source of solicitation, advertisement or the offering of legal services or advice of any kind. No Client/Attorney relationship is therefore created. Readers are strongly advised to always seek from qualified Legal Practitioners, competent legal counseling to their specific factual situation.

Intellectual Property Protected!

This material is protected by International Intellectual Property Laws and Regulations. This material can therefore only be reproduced or re-distributed for non-profit educational purposes under the strict condition that our Authorship of this material is explicitly acknowledged, and our above Disclaimer Notice is prominently displayed. [ contactus@oseroghoassociates.com ]