Characteristics of the General Data Protection Regulation


A look at the new European Regulation which is bringing Data Protection law into the new century.

The GDPR came into being on the 27th April 2016 and incorporates principles already found in Directive 95/46/EC whilst also repealing the latter. It is an EU Regulation and therefore does not require domestic legislation to be in place in order to apply. The aim of the GDPR is to try and fill the various blind-spots in Directive 95/46/EC to make the law more relevant to the modern day. There are a few changes to existing data protection laws which are of note.

First is the right to restrict processing. This allows an individual to restrict the controller from processing some or all of their personal data for reasons like inaccuracy in the data processed or unlawful processing operations the subject has caught wind of. Secondly the GDPR incorporates the obligation that data protection needs to be a guiding principle for controllers throughout their activity (Privacy by Design and Default). This means that when a new business venture or process is being considered data protection has to be figured-in from beginning to end.

Furthermore, one major development in the GDPR is the acknowledgement of Binding Corporate Rules as a viable regulatory solution where an undertaking needs to process data with or through other bodies established outside the EU. This allows greater opportunities in compliance for organisations which may have branches outside of Europe.

Finally, regarding penalties, it is worth noting that depending on the nature of the breach of law, the maximum administrative penalty can be up to the higher of €20,000,000 or 4% of the controller’s worldwide annual turnover. Suffice it to say that data controllers would best take heed.


Article published by: Dr. Gege Gatt, Malta IT Law Association


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Hö


What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.