European Commission

Take control of your personal data with new EU rules on data protection

When you go online to shop, file your tax return or use social media, you can feel more confident than ever about what happens to the personal information you provide. This is because the GDPR gives you key rights to help you control how organisations use your personal data and makes sure that they also have new procedures to protect it.

Fed up of getting adverts for things you don’t want? You can ask to be removed for marketing distribution lists.  Embarrassed by content online? You can, in some circumstances, get it deleted. Want to change supplier? You have the right to receive all your data from your old supplier to move more easily to the new service provider. Tighter rules on data breaches also mean that you have to be informed if the breach poses a risk to your rights and freedoms.

The new rules apply across the EU, regardless of where the data is processed and where the organisation is based. They even apply to non-EU companies targeting people in the EU. So, whether you’re going local or buying from abroad, you benefit from the same rights and protection.

As of today, the General Data Protection Regulation gives people in the EU more control over their personal data,” says European Commissioner for Justice, Consumers and Gender Equality Věra Jourová. “The new rules make sure that people’s personal information is better protected – no matter where it is sent, processed or stored – even outside the EU.”

Although the GDPR establishes specific rights for individuals, it’s up to you to use them. If you think your data protection rights have been breached, you can contact the organisation holding your data. They should respond to your request without undue delay and free of charge. You also have the right to lodge a complaint with your national Data Protection Authority (DPA) or go to court.

In Poland, newly established office of the President of the Personal Data Protection Office (UODO) will be such authority and will replace existing General Inspector for Personal Data Protection (GIODO). UODO will be an independent organ able to start legislative initiative, it will also be a control body, so if it’d find any violation of the regulations consequential to the new law, it will be able to immediately impose a financial penalty.

New rules for the digital age

The GDPR replaces Europe’s 1995 Data Protection Directive, which was enacted well before the internet and cloud computing introduced new ways of processing personal data. As how we share and use data has changed substantially since then, the EU’s data protection rules needed to be modernised.

Every day, over 250 million Europeans use the internet to connect to their family or shop, while doing so they share a lot of personal data, including their names, home address, ID card numbers and information about their health. This opens the door to numerous potential risks, such as unauthorised disclosures, identity theft or online abuse.

Eight out of 10 Europeans feel they do not have complete control of their personal data, and six out of 10 say they distrust online businesses. Furthermore, nine out of 10 express concern about mobile apps collecting data without their consent, and seven out of 10 worry about the potential use that companies may make of the information they disclosed.

The protection of personal data is not only a key concern for many Europeans, it’s also a fundamental right and is therefore something that needs to be safeguarded. The EU’s General Data Protection Regulation answers this need.

For more information

EU Data Protection Reform – better data protection for European citizens

It’s your data, take control

Common questions and answers

Find your Data Protection Authority

Seven steps to get ready for the GDPR (a factsheet for businesses)

Better rules for European businesses