On Thursday and Friday, the Ministry of Justice hosted a high-level international conference on the implementation of the EU data protection reform in Tartu to give EU member states the opportunity to find the best solutions before making final decisions on the Data Protection Act beginning in May 2018.
"In the field of privacy and data protection, the speakers of the conference have shown how complex and complicated the task at hand really is," said Ministry of Justice Deputy Secretary General Kai Härmand according to a presidency press release. "We heard inspiring and helpful experiences from our German and Irish colleagues who have already implemented the EU data protection reform; we also had the opportunity to learn the point of view of the big internet companies and watchdogs of data protection."
Participants of the conference noted that data protection does not stand alone and is not simply an obstacle, but also an enabler that will help increase trust in the economy and e-government, Härmand said.
"The implementation of the new General Data Protection Regulation (GDPR) has taken more effort and time than planned, but despite the hardships and the fact that the national data protection authorities (DPAs) do not yet have all the answers or the perfect answers, they are very committed to making the GDPR and its implementation a success story," noted the ministry official. "The participants also agreed that, although the fines have to be there, the national DPAs should not focus on penalties and fines, but rather on giving advicing and providing guidance. The keywords are cooperation, transparency, raising awareness and proactive prevention."
Four key issues were discussed at the conference: data protection in e-governance, privacy versus security in retaining and using communication data, regulatory issues in implementing the GDPR in time, and the challenges and opportunities of GDPR in the private sector.
Regulation to be implemented beginning May 2018
In spring 2016, the European Parliament approved new data protection rules that give people control of their personal data and created a unified data protection level throughout the EU. The new regulation is directly applicable after a transitional period of two years, starting from May 25, 2018.
For citizens, the reform will mean better control over their personal data and the possibility of requiring the deletion of their specific personal data — for example, from an internet search engine, telephone operators, or mail order portals — if there is no legal basis for the processing of the data. More stringent rules will be imposed on public institutions and companies involved in the extensive processing of data, the implementation of which may take both time and money.
Businesses and institutions that collect and use sensitive personal data and databases must map the personal data, appoint a data protection professional if necessary, and make changes in contracts, business models, internal documents, information systems, customer bases and sales. The maximum level of fines that may be imposed in the case of violations will be increased. The requirements also apply to third-country operators who offer their goods or services on the EU market.
Editor: Aili Vahtla