CONTINUEThis site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.
  1. Front Page
  2. News By Topic
  3. EU Issues GDPR Tool For SMEs, Guidance For States

EU Issues GDPR Tool For SMEs, Guidance For States

by Ulrika Lomas,, Brussels

31 January 2018

The European Commission has newly launched an online tool to support citizens, businesses – and in particular small- and medium-sized firms – and other organizations to come to terms and comply with new data protection rules being introduced from May 25: the General Data Protection Regulation.

The changes are impacting all companies that hold personal data across the world, including the tax and accounting industry. The GDPR regime, which entered into force on May 24, 2016, will apply across all 28 member states from May 25, 2018.

In summary, the GDPR strengthens and unifies data protection for all individuals within the EU, including in the areas of data portability, the "right to be forgotten," and children's data. GDPR also introduces new standards for notification of data breaches and tighter response deadlines by data holders where individuals seek to understand how much of their personal information an entity has retained.

The EU says that new ways of regulating the storage, processing, and use of personal data are necessary because of the sheer amount of information that companies now hold about individuals. What's more, the existing EU rules on data protection, enshrined in the 1995 Data Protection Directive, are now well out of date.

The GDPR requires that personal data shall be:

  • processed lawfully, fairly, and in a transparent manner in relation to individuals;
  • collected for specified, explicit, and legitimate purposes;
  • adequate, relevant, and limited to what is necessary;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits identification of data subjects for no longer than is necessary; and
  • processed in a manner that ensures appropriate security of the personal data.

The GDPR also requires that organizations appoint a data protection officer if they carry out large scale systematic monitoring of individuals or undertake large scale processing of special categories of data or data relating to criminal convictions and offences. However, the GDPR permits groups of companies to appoint a single data protection officer where appropriate.

The newly launched tool is intended to support stakeholders in their preparation efforts and inform the citizens about the impact of the Regulation. In addition, the Commission has said, in the run up to May 25, it will continue to actively support member states, data protection authorities, and businesses to ensure the reform is ready to enter into effect.

From May 2018 onward, it will monitor how member states apply the new rules and take appropriate action as necessary. In 2019, one year after the Regulation enters into application, the Commission will organize an event to take stock of different stakeholders' experiences of implementing the Regulation. This will also feed into the report the Commission is required to produce by May 2020 on the evaluation and review of the Regulation.

Alongside the launch of the tool, the Commission released new guidance on the preparations that need to happen prior to May 25, aimed at Commission staff, national data protection authorities, and national administrations.

The Commission said: "Preparations are progressing at various speeds across member states. At this stage, only two of them have already adopted the relevant national legislation. Member states should speed up the adoption of national legislation and make sure these measures are in line with the Regulation. They should also ensure they equip their national authorities with the necessary financial and human resources to guarantee their independence and efficiency."

Discussing the need for guidance, the Commission explained: "While the new regulation provides for a single set of rules directly applicable in all member states, it will still require significant adjustments in certain aspects, like amending existing laws by EU governments or setting up the European Data Protection Board by data protection authorities. The guidance recalls the main innovations, opportunities opened up by the new rules, takes stock of the preparatory work already undertaken and outlines the work still ahead of the European Commission, national data protection authorities, and national administrations."

TAGS: individuals | tax | business | European Commission | value added tax (VAT) | law | legislation | standards | regulation | European Union (EU) | Europe

To see today's news, click here.


Tax-News Reviews

Cyprus Review

A review and forecast of Cyprus's international business, legal and investment climate.

Visit Cyprus Review »

Malta Review

A review and forecast of Malta's international business, legal and investment climate.

Visit Malta Review »

Jersey Review

A review and forecast of Jersey's international business, legal and investment climate.

Visit Jersey Review »

Budget Review

A review of the latest budget news and government financial statements from around the world.

Visit Budget Review »

Stay Updated

Please enter your email address to join the mailing list. View previous newsletters.

By subscribing to our newsletter service, you agree to our Terms and Conditions and Privacy Policy.

To manage your mailing list preferences, please click here »