• Print

The European Data Protection Regulation, fully applicable as from 25 May

24/05/2018 14:05
M. ÀNGELS BARBARÀ and FERRAN TARRADELLAS

The Catalan Data Protection Authority (APDCAT) has explained the implications of the European Data Protection Regulation which, after being in force for two years, is fully applicable as from 25 May.

Organisation of the event, which took place in the Aula Europa, seat of the European institutions in Barcelona, included representation of the European Commission. Participants included the APDCAT Director Maria Àngels Barbarà and the Director of the Commission’s representation in Barcelona, Ferran Tarradellas.

Reference was made to the tools the APDCAT has created to facilitate organisations’ adaptation to the GDPR, as well as instructions such as the Guide to the data protection impact assessment.  A video was also presented featuring the actor Santi Millán explaining citizens’ rights in a more entertaining and cordial fashion, together with another on the 012-hotline service and a children’s tale addressed to young people from 4 to 6 years of age aimed at raising their awareness of the importance of exercising control over their data. Finally, details were provided about the campaign to disseminate information about this fundamental right, which was carried out on 25 May in various municipalities around Catalonia.

During the event Maria Àngels Barbarà, Director of the APDCAT, stressed that “we want people to be proactive in defending their rights and to take control over the use of their personal data”.  

 “The Regulation strengthens citizens’ rights and gives them greater control over their data at the same time as it demands more transparency in all data processing activities”, she explained.

She said that the APDCAT “is on hand to inform and advise entities and companies about the significant changes included in the European Data Protection Regulation.”  

Subsequently, the Director of the European Commission’s representation in Barcelona, Ferran Tarradellas, explained that “the Treaty of Lisbon recognises protection of personal data as a fundamental right. Eight out of every ten Europeans feel they don’t have complete control over their data”. “The new European Regulation, which will be fully applicable as from tomorrow [25 May], grants Europeans better control over their personal data and offers them increased protection in the event of this information being misused.”     

In collaboration with the Catalan School of Public Administration, the Catalan Data Protection Authority has developed the 2018-2020 Strategic Training Plan for data protection to address the needs of the Administration of the Government of Catalonia, public institutions, local entities, public and private universities and all other Catalan public bodies.

Accompanied by Joan Mateu, Secretary for Educational Policies at the Catalan Ministry of Education, and Mark Jeffery, Head of coordination and strategic planning of the Representation of the European Commission in Barcelona, Maria Àngels Barbarà took advantage of the occasion to award prizes to schools that had participated in the APDCAT space at the Youth Mobile Festival Barcelona 2018.

Implications of this new European Regulation

There has been a significant change in the way organisations should process data: they must now follow the accountability principle. They must assess the best way to fulfil the obligations of the GDPR, are responsible for doing so correctly and must be prepared to demonstrate that this is the case.

People’s consent to processing must be freely given, specific, informed and unambiguous. We must be able to say yes or no, on each and every occasion. The Regulation requires clear, positive action.

It also provides for the right to be forgotten, under the right to erasure, and creates new rights, such as restriction of processing and data portability.