The European Commission published a new guidance on the interaction of free flow of non-personal data with the EU data protection rules.
As part of the Digital Single Market strategy, the new Regulation on the free flow of non-personal data, which has started to apply in the Member states, will allow data to be stored and processed everywhere in the EU without unjustified restrictions. Today’s guidance aims to help users – in particular small and medium-sized enterprises – understand the interaction between these new rules and the General Data Protection Regulation (GDPR) – especially when datasets are composed of both personal and non-personal data.
Together with the General Data Protection Regulation (GDPR), which started to apply one year ago, the new Regulation on the free flow of non-personal data provides for a stable legal and business environment on data processing. The new Regulation prevents EU countries from putting laws in place that unjustifiably force data to be held solely inside national territory. It is the first of its kind in the world. The new rules increase legal certainty and trust for businesses and make it easier for SMEs and start-ups to develop new innovative services, to make use of the best offers of data processing services in the internal market, and to expand business across borders.
Today’s guidance gives practical examples on how the rules should be applied when a business is processing datasets composed of both personal and non-personal data. It also explains the concepts of personal and non-personal data, including mixed datasets; lists the principles of free movement of data and the prevention of data localisation requirements under both, the GDPR and the free flow of non-personal data Regulation; and covers the notion of data portability under the Regulation on the free flow of non-personal data. The guidance also includes the self-regulatory requirements set out in the two Regulations.
Access to the full news