Go back to the Europarl portal

Choisissez la langue de votre document :

  • bg - български
  • es - español
  • cs - čeština
  • da - dansk
  • de - Deutsch
  • et - eesti keel
  • el - ελληνικά
  • en - English (Selected)
  • fr - français
  • ga - Gaeilge
  • hr - hrvatski
  • it - italiano
  • lv - latviešu valoda
  • lt - lietuvių kalba
  • hu - magyar
  • mt - Malti
  • nl - Nederlands
  • pl - polski
  • pt - português
  • ro - română
  • sk - slovenčina
  • sl - slovenščina
  • fi - suomi
  • sv - svenska
Parliamentary questions
PDF 104kWORD 18k
25 October 2017
Answer given by Ms Jourová on behalf of the Commission
Question reference: E-005081/2017

The rules contained in the EU General Data Protection Regulation (GDPR)(1) for processing personal data, including genetic data, biometric data and data concerning health, will be directly applicable to controllers and processors as from 25 May 2018.

The GDPR provides in particular for the right of the individual to be informed by the controller about the purposes of the processing and about other relevant aspects such as the existence of automated decision-making, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; the data subject is also entitled to receive information about the intention to further process personal data for other purposes than the initial ones (Articles 13 and 14 GDPR).

The individual is also entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her (Article 22 GDPR). Depending on the purposes of the processing and the risks for the rights of individuals, controllers must have in place appropriate technical and organisational measures to ensure that the processing is GDPR-compliant.

The Commission is working closely with Member States to achieve uniform application of the GDPR to achieve a high level of personal data protection across the EU.

(1)Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1‐88.

Legal notice