Skip to main content

Characteristics of the General Data Protection Regulation

| Created by Cloud Privacy Check
Gege Gatt (MT), Partner of EuroCloud CPC Network

A look at the new European Regulation which is bringing Data Protection law into the new century.

The GDPR came into being on the 27th April 2016 and incorporates principles already found in Directive 95/46/EC whilst also repealing the latter. It is an EU Regulation and therefore does not require domestic legislation to be in place in order to apply. The aim of the GDPR is to try and fill the various blind-spots in Directive 95/46/EC to make the law more relevant to the modern day. There are a few changes to existing data protection laws which are of note.

First is the right to restrict processing. This allows an individual to restrict the controller from processing some or all of their personal data for reasons like inaccuracy in the data processed or unlawful processing operations the subject has caught wind of. Secondly the GDPR incorporates the obligation that data protection needs to be a guiding principle for controllers throughout their activity (Privacy by Design and Default). This means that when a new business venture or process is being considered data protection has to be figured-in from beginning to end.

Furthermore, one major development in the GDPR is the acknowledgement of Binding Corporate Rules as a viable regulatory solution where an undertaking needs to process data with or through other bodies established outside the EU. This allows greater opportunities in compliance for organisations which may have branches outside of Europe.

Finally, regarding penalties, it is worth noting that depending on the nature of the breach of law, the maximum administrative penalty can be up to the higher of €20,000,000 or 4% of the controller’s worldwide annual turnover. Suffice it to say that data controllers would best take heed.


Article published by: Dr. Gege Gatt, Malta IT Law Association

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.