O NOUĂ PERSPECTIVĂ ASUPRA SARCINII ADMINISTRATIVE A CONTROLORILOR DE DATE ÎN CADRUL UNIUNII EUROPENE
A NEW PERSPECTIVE ON THE LEGAL ADMINISTRATIVE BURDENS ON DATA CONTROLLERS WITHIN THE EUROPEAN UNION

Summary/Abstract: For almost twenty years the legal regime on personal data protection within the European Union was mainly regulated by Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. According to the provisions of this act, one of the legal obligations of the data controllers was to notify the processing operations they carry out to the supervisory authorities established in the Member States. Each Member State transposed this legal provision in different ways, and some of them stipulated a series of exceptions from the obligation to notify, among which being the appointment of a data protection official at the level of the data controllers. The process of notification results in administrative burdens, both for the data controllers and the supervisory authorities, in some cases. Therefore, the latter ones (associated within the Article 29 Working Party) and the European Commission supported the idea of simplifying the current system. Against this background, the legislative reform proposed by the European Commission in 2012, which intends to replace Directive 95/46/EC by an overall mandatory regulation, sets up a new way of thinking the administrative burdens on data controllers, from a double perspective: on the one hand, by lessening the obligations in relation to the supervisory authorities (for instance, no obligation to notify subsists), and on the other hand, by multiplying the legal requirements to internally implement a number of measures aiming at enhancing the level of protection of the personal data processed by a certain data controller. This paper will focus on the main changes adduced by the recent legislative proposal as regards the administrative obligations of the data controllers.

• Details
• Contents