Article written by Kurt Cortis – Executive, MEUSAC
Published in The Malta Independent – 13.03.2020
The introduction of the General Data Protection Regulation (GDPR) in 2018 sought to harmonise a legal framework among 28 Member States (now 27), regulating the acquisition, use and storage of personal data and strengthening data protection rights of 512 million EU citizens. The regulation enforces and strengthens citizens’ rights in relation to data protection, whilst also setting new and clear obligations for businesses and organisations on data management. Enforcement for such a regulation is needed in order to preserve one’s private life, to protect the functioning of EU Member States’ democracies, to ensure a level playing field for businesses all over the EU, as well as to ensure the sustainability of an ever increasing data-driven economy.
At its core, the GDPR seeks to regulate the manner in which business acquire, use and store personal data. It does not hinder on a business’s ability to use such data for its own benefit, but simply enforces the requirement of informed consent. Meaning that personal data may only be acquired, used and/or stored if the owner is actively aware of, and consent is given for its acquisition, use and/or storage. In this regard, the GDPR seeks to re-instil citizens’ confidence in sharing data with businesses, considering the various data scandals in recent years. In return, businesses having fully implemented their GDPR obligations stand to increase their ability to operate in such a highly competitive market.
The GDPR also established the formulation of Data Protection Authorities (DPAs) in every Member State, tasked with supervising, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the GDPR and the relevant national laws.
The Office of the Information and Data Protection Commissioner (IDPC) is the national DPA in Malta, tasked with supervising the application of the data protection law, providing expert advice to businesses, whilst also managing complaints of violations. Through the assistance provided by MEUSAC, the IDPC was able to successfully apply under the Rights, Equality and Citizenship (REC) Programme to request EU funds for the implementation of a 24-month project which has the aim to raise awareness amongst citizens and business stakeholders, particularly SMEs, on their rights and obligations under the GDPR. This proposal has been selected for funding.
The REC programme particularly contributes to the further development, promotion and protection of a person’s rights as an EU citizen. As such, this programme promotes non-discrimination, rights of persons with disabilities, gender equality and mainstreaming, and combats all forms of intolerance; whilst also ensuring the highest level of data protection and consumer rights to its citizens. In this regard, the programme issues various calls for proposals per year, open for public entities, private organisations and international organisations to tackle these issues. Not all of the mentioned entities are eligible for all calls under this programme as the eligibility of these entities depends on the eligibility requirements of each particular call. .
In a Joint Statement by First Vice-President of the European Commission Timmermans, former Vice-President of the European Commission Ansip, and Commissioners Jourová and Gabriel, ahead of Data Protection Day, it was stated that “one of the main aims of the General Data Protection Regulation is to empower people and give them more control over one of the most valuable resources in modern economy – their data. We can only reach this goal if and when people have become fully aware of their rights and the consequences of their decisions”.
Titled ‘GDPRights’, IDPC’s project seeks to directly reflect this statement in that their €236,650 project aims to inform the general public about their rights, whilst also educating the private sector of their obligations and responsibilities. Primarily, an extensive awareness raising campaign will be undertaken, informing Maltese citizens of their increased data protection rights under the GDPR, as well as to promote safe practices for online data supply.
Moreover, the project shall also engage in the development of an Online Self-Assessment Compliance tool, aimed primarily at SMEs and other Data Protection Officers within the private sector, as a means to determine their own conformity to the GDPR, which set specific obligations on businesses (including SMEs) in the acquisition, storage and use of personal data.
MEUSAC can support entities to apply for calls under the REC programme and other EU funding opportunities. For more information, contact MEUSAC on firstname.lastname@example.org or 2200 3300.« Back