in: GDPR

In an important ruling, the Court of Justice of the EU (CJEU) ruled yesterday (5 June) that an administrator of a fan page on Facebook may be considered a controller jointly responsible with Facebook for the processing of personal data, as it takes part in the determination of the purposes and means of processing of personal data of visitors to its fan page.

While this ruling relates to Directive 95/46/EC, which was repealed by the GDPR, it will also be of particular significance under the GDPR.

Read more on: https://curia.europa.eu/jcms/upload/docs/application/pdf/2018-06/cp180081en.pdf

As a first step in Belgium’s privacy reform, a new law was published today setting up a Belgian Data Protection Authority (replacing the current Belgian Privacy Commission) in anticipation of the future applicability of the General Data Protection Regulation (GDPR). With this law, the Belgian Data Protection Authority acquires substantial investigative and judiciary powers, as well as new bodies which will be able to impose the sanctions introduced under the GDPR.

While the GDPR will provide for a greater degree of harmonization than the current regime , there are approximately 50 possibilities for Member States exceptions, additional requirements or specifications to the GDPR (e.g. in terms of processing of HR data, minimum age of children for consent, situations where a DPO is mandatory). These will be the subject of a separate piece of legislation, for which no draft is currently available.

Emmanuel Szafran spoke at several multidisciplinary seminars in May and June 2016 on the recently adopted EU General Data Protection Regulation (GDPR).

After nearly four years of intense negotiations, the lengthy regulation was formally adopted by the European Parliament on 14 April 2016. The GDPR introduces new European data protection rules that will directly apply in all EU Member States. It modernises the current data protection framework and strengthens compliance obligations. The regulation will apply to EU controllers and processors but also to organisations not established in the EU processing personal data of data subjects located in the EU in relation to offerings of goods or services or behavioral monitoring. In view of the new enforcement powers of national data protection authorities and of the potentially drastic sanctions, compliance with the new GDPR is a must.

Prepare now. The new Regulation can have a significant impact on your company. It is key for companies to immediately start reviewing their operations that involve collecting and processing personal data, and to implement the new data protection requirements from both a legal and operational point of view before the regulation becomes applicable in spring 2018.