ES Bendrasis duomenų apsaugos reglamentas: poveikis duomenų apsaugos teisei ; EU general data protection regulation: impact on data protection law

Abstract

EU General Data Protection Regulation, which will come into force in 25 May 2018 will undoubtedly replace the existing practice of personal data protection. This paper examines the impact of the General Data Protection Regulation on data protection law by analysing the content of the Regulation as a source of law as well as the possible implementation problems and the most important features of data protection law. The systematic analysis of the European data protection law and the European Union data protection law suggests that the data protection law developed from the concept of the privacy constitutes a separate legal regulation protecting one of the values of the society: t personal data and person's ability to control the dissemination of information related to him. Changes in data protection law which are enshrined in the General Data Protection Regulation are assessed differently. The direct application of the Regulation, establishment of a one-stop-shop regarding supervisory authorities and extraterritorial protection of data should help to harmonize the European Union's data protection law as well as the application of high standards of data protection in Europe should also stimulate europeanization of data protection law in other countries. Noticeable reinforcement of data subject's consent in the light of data subject's rights creates preconditions for a higher level protection of personal data while the new data subject's right to data portability entails a reasonable doubt about the practical implementation of this right. The General Data Protection Regulation data protection is essentially replacing the system of obligations and liability of data controllers and data processors. The data controllers' obligation to carry out data protection impact assessment and appoint the Data Protection Officer implies that the excessive uncertainty in these responsibilities can substantially complicate the performance of these obligations, however the new system of liability for data protection violations will encourage data controllers and data processors to focus more on data protection law.