European Commission Statement ahead of Data Protection Day

“This year Data Protection Day comes eight months after the entry into application of the General Data Protection Regulation on 25 May 2018. We are proud to have the strongest and most modern data protection rules in the world, which are becoming a global standard. The Facebook/Cambridge Analytica case and recent data breaches have shown that we are doing the right thing. What is at stake is not only the protection of our privacy, but also the protection of our democracies and ensuring the sustainability of our data-driven economies. One of the main aims of the General Data Protection Regulation is to empower people and give them more control over one of the most valuable resources in modern economy – their data. We can only reach this goal if and when people have become fully aware of their rights and the consequences of their decisions. We are already beginning to see the positive effects of the new rules. Citizens have become more conscious of the importance of data protection and of their rights. And they are now exercising these rights, as national Data Protection Authorities see in their daily work. They have by now received more than 95,000 complaints from citizens. The Data Protection Authorities are also enforcing the new rules and better coordinating their actions in the European Data Protection Board. They are guiding companies, especially small and medium sized enterprises, and citizens, explaining them their rights and obligations. Practical implementation by Member States is now well advanced. We count, however, on the five remaining Member States to adapt their legal frameworks to the new EU-wide rules as soon as possible. The Commission continues to monitor this process to address potential shortcomings and help see the EU fully covered by the Data Protection rules as soon as possible. There is a clear convergence at international level towards a modern data protection regime. This facilitates data exchanges and supports trade. The best example is the recent adoption of our mutual adequacy findings with Japan. With this, we have created the world’s largest area of free and safe data flows. Today, Europe is not only ensuring strong privacy rules at home, we are leading the way globally.” Background In 2006, the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January. The General Data Protection Regulation has been applying since 25 May 2018 (see statement). In January 2018, the Commission published a guidance document to facilitate the smooth application of the new data protection rules across the EU as of 25 May. The Commission also launched a new online tool to inform organisation and citizens about the new rules. In January 2017, the Commission adopted a Communication on data flows and protection, which set out the EU strategy in the field of international data flows and protection. The adoption of the adequacy decision on Japan on 23 January 2019 is a first tangible result of this strategy. It will allow personal data to flow freely between the two economies on the basis of strong protection guarantees. The Commission is also in the process of negotiating an adequacy decision with South Korea.  The Commission will launch the raising awareness campaign to help citizens and businesses, especially small and medium sized, understand better their new rights and obligations and will organise an event in June to take stock with authorities, companies and others of where we stand one year after the entry into application of the General Data Protection Regulation. For More Information             Infographic – GDPR in numbers Myth busting factsheet Online tool Commission guidance Seven steps for businesses to get ready for the General Data Protection Regulation Call for proposal for Data Protection Authorities Commission Guidance on the application of Union data protection law in the electoral context · 25 January 2019 · 15:15