Project deliverable Open Access

Advice to Archives arising from "E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape"

Anderson, David; Anderson, Janet

The adoption by the EU of the Data Protection Directive (95/46/EC) marked a pivotal moment in the history of European personal data protection. Two decades later, the fundamental principles around which the Directive was structured continue to be relevant, but the ever-increasing pace of technological change, and globalisation have undoubtedly presented challenges for data protection that the original Directive is ill-equipped to address. The world of the early 21st Century is the world of social networking, apps, cloud computing, location-based services and smart cards. It is almost impossible for individual citizens to go about their daily business, or to buy goods and services without leaving digital footprints. Without effective control over how this information is stored and used, the potential for adverse consequences is obvious.

With the introduction of the “General Data Protection Regulation”[1], the European Commission has modernised the EU legal system for the protection of personal data. One of the key policy objectives behind the revisions was to make more consistent the implementation and application of the protection of personal data in all areas of the Union's activities. Anticipated benefits included the strengthening of the rights of individuals, reduced administrative overhead, and an improved flow of personal data within the EU and beyond.

The new regime introduces new concepts, and revises the understanding of those drawn from earlier data protection regulation.  Not everything has changed, but a great deal has, and nothing should be taken for granted.  In the E-ARK deliverable D2.2 “E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape”[2], readers will find a section by section comparison of the existing regulation with the text of the GDPR.  The purpose of the current document is to supplement that analysis with a very abbreviated set of discrete recommendations targeted, primarily, at the archives community.

In this report suggestions are made under five key areas:  

  • The Obligations and Liabilities of Data Controllers
  • Consent
  • Personal Data Breach Notification
  • Transfers of personal data
  • Legal enforcement & Penalties

Where advice is offered, it is couched in terms of:

  • what one should Ensure happens
  • what one should Monitor
  • what one should Consider

 

[1] Regulation (EU) 2016/679

[2] Available from the E-ARK website at http://www.eark-project.com/resources/project-deliverables/33-d22-legal-issues-report-european-cultural-preservation-in-a-changing-legislative-landscape

Files (700.5 kB)
Name Size
E-ARK D2.2.1.pdf
md5:daba8b33d5840528b8b50d3b440b8580
700.5 kB Download
4
2
views
downloads
All versions This version
Views 44
Downloads 22
Data volume 1.4 MB1.4 MB
Unique views 33
Unique downloads 11

Share

Cite as