As part of the Digital Single Market strategy of the EU Commission, a new Regulation on a Framework for the free flow of non-personal data in the EU (here) became applicable as and from 28th May 2019.
Essentially this new Regulation (being termed the Non-Personal Data Regulation) aims to further the data economy by establishing the principle of free movement of data (the fifth freedom). Data is defined as data other than that which falls within the definition of “personal data” under Article 4 of the GDPR.
The key points of this Regulation are:
- A restriction on data localisation restrictions for the processing or storing of non-personal data unless justified for public security (and even then, such measures must be proportionate to the aim to be achieved);
- Member states will have to repeal any data localisation legislative requirements by 30th May 2021 (or justify to the Commission why any such measures are to remain in force) and make available national data localisation requirements online at a single information point;
- Competent authorities (which are defined very broadly) will not be prevented from accessing data which they require to fulfill their necessary functions merely because it is processed in another Member State; and
- The Commission will encourage and facilitate the development of self-regulatory codes of conduct by service providers that ensure data portability for professional users.
This Regulation will certainly generate fewer headlines than its more famous (or maybe notorious!) cousin, the GDPR, and its impact will be much less significant. And while the aim of the Regulation is to be welcomed, its interaction with the GDPR could create difficulties. The Regulation provides that where a data set is composed of both personal and non-personal data, this Regulation will apply to the non-personal data but it also states that where the personal and non-personal data in a data set are inextricably linked, this Regulation “shall not prejudice the application” of the GDPR. While we will have to wait to see how this plays out in practical terms, it is clear that the EU Commission is pushing forward with their drive to create a Digital Single Market in Europe.
We do not want to preach about security but we want every individual in an organisation to practice it. If you would like to speak to our subject matter experts for further advice, call us: 1800 903 552 or e-mail us.