EU regulation on data protection: One continent, one law and the impact of the new requirements

Abstract

This paper provides an overview of the new EU General Data Protection Regulation (GDPR), before analysing some of the new legal requirements in more detail. One such requirement is the one-stop shop — a new mechanism which will require much work at the institutional level as national data protection authorities will be obliged to maintain continuous communication with each other and to coordinate their decisions. With regard to the right to judicial remedy against data controllers, the principle of proximity is essential for the effective protection of data subjects’ rights. Again, however, this will require much work at an institutional level. The role of data protection officer, although established in a number of member states, remains to be fully considered in other member states. The GDPR gives all data controllers the opportunity to enhance their privacy awareness and thus develop a comprehensive understanding of all potential privacy risks in order to take the right countermeasures to mitigate them. In conclusion, the GDPR is to be lauded for addressing many of the crucial obstacles to creating a single digital market. Nevertheless, the complex process of applying the new regulation is only just beginning, and only with the cooperation of data controllers and the various European institutions will it be possible to guarantee its effective and consistent application.