Changes in the draft law on the protection of personal data, new system of fines

This is foreseen by the changes in the draft law on the protection of personal data, where it is thought to establish a new system of administrative measures.

The measure of the fine will be the same as that applied by the countries of the European Union.

In contrast to the current law, which does not contain special provisions, this draft law foresees for the first time rules on the processing of personal data by competent authorities for public or national security and for the prevention and prosecution of criminal offences.

This draft law foresees a review of the Commissioner’s mandate and powers in the interest of his independence and the exercise of the function of supervising the implementation of the law, providing for the first time, auxiliary, investigative and corrective powers.

In function of the protection of personal data, in addition to the obligations provided by the current legislation, new obligations are also foreseen for controllers and processors, such as “performing an impact assessment on the protection of personal data before starting a processing process, the obligation to consult in advance with the Commissioner before the start of data processing, in case this processing results in a high risk for the data subject, the obligation to appoint a data protection officer, as well as the introduction for the first time of codes of conduct and mechanisms of certification.”

Full Notice:

Amendments to the draft law “On the protection of personal data” in relation to the law in force No. 9887, dated 10.3.2008 “On the protection of personal data”

The first change is related to the improvement of the definition of terms used in the draft law, as well as the introduction of new terms. Specifically, one of the most important terms in the field of personal data protection is consent. The definition of this term has changed in such a way that any element indicating the will of the data subject, freely given, informed and clear through which he, by means of a statement or by a clear action, is taken as consent affirmative, expresses consent to the processing of personal data related to him, for one or more specific purposes. Meanwhile, new terms have been introduced in the draft law, such as further processing, pseudonymized data, as well as the addition of categories of sensitive data.

In terms of the rights of data subjects, the draft law not only improves and expands their rights provided by the law in force, but also provides for the first time new rights such as the right to be forgotten and right to data portability.

Also, the principles and criteria for processing personal data, although they remain the same, are described in more detail and detail.

In function of the effective protection of personal data, in addition to the obligations provided by the current legislation, new obligations are also foreseen for controllers and processors, such as: conducting an impact assessment on the protection of personal data before starting a processing process, the obligation to consult in advance with the Commissioner before the start of data processing, in case this processing results in high risk for the data subject, the obligation to appoint a data protection officer, as well as the introduction for the first time of codes of conduct and certification mechanisms.

In contrast to the current law, which does not contain special provisions, this draft law foresees for the first time rules on the processing of personal data by competent authorities for public or national security and for the prevention and prosecution of criminal offences.

An essential change brought by this draft law is the review of the Commissioner’s mandate and powers in the interest of his independence and the exercise of the function of supervising the implementation of the law by providing for the first time auxiliary, investigative and corrective powers.

The draft law introduces a new system of administrative sanctions for the violation of its provisions by significantly increasing the amount of the fine, which is unified with the amount of the fine applied by the countries of the European Union, as a clear indication of the importance of the protection of personal data and the implementation of obligations arising from the legal framework in this field

top channel