4086815845

THE EU DATA PROTECTION REFORM -.STRENGTHENŚ-GITIZENS' RIGHlS

_r-\r • •—>**^j 4ti^iitiiii *

What does it mean for ExcEED's database on buildings' energy performance?

January 2018

To ccpe wito this fas:-:hanging cigital enf/roomert, the Eurcpean Union has lommitted to ensure continuity of cata protection by imoementing new futire-proof, technolpgically-neutral regjlations. Tus, the EU Genera Data Prctectic-r Peeulaticn (GD^DR) comes into play. As the most important change in data privac/ regj ation in rwo decades, the GD³R aSgns e<isring rUes with technological de/elopments.

Tne aim of the GDPR is to protect all EU citizens from prva:y and data breaches. Tnese ne* regulations wil be enforced from 25^:r' May 20'8. As ExcEED, oj: alsc all other projects/initiatives that deal with data on the erergy perfornance of buildings, must imolement the new 'ules, sorre main changes are highlighted in this factsheet.

Althojgh tne key prindples of data pri</acy still hołd tn.e tc the previous EU regulations, the'e a'e sorre keynewaspects:

• Increased Territorial Scope (extra-terrltorial applicability)

In light of the appearance and greater use of cloud computing, morę data is stored in remote Computer server farms instead of personal computers. Thus, the GDPR gained an increased jurisdiction. In short, if a company located outside the EU is processing the personal data of EU citizens, it will be subject to the GDPR.

Penalties

Organisations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is a maximum fine for serious breaches and these rules apply also to 'douds'.