Scanrail - FotoliaWhich rules apply to protection of non-personal data?
The European Commission provides practical examples of applying the regulations on the free flow of non-personal data.
SJS/AD – 06/2019
The Regulations On The
Free Flow Of Non-Personal Data have
been in force in the European Union since 28 May. They are part of the strategy
for a Digital Single Market and allow data to be stored and processed anywhere in the EU without any undue
restrictions.
‘By 2025 the data
economy of the EU27 is likely to provide 5.4% of its GDP, equivalent to €544
billion. However, that huge potential is limited if data cannot move freely. By
removing forced data localisation restrictions, we give more people and
businesses the chance to make the most out of data and its opportunities,’ said
Andrus Ansip, Vice-President for the Digital Single Market.
Differentiation from personal data
In Regulation (EU)
2018/1807, the term ‘data’ means ‘data other than personal data as defined in
point (1) of Article 4 of Regulation (EU) 2016/679’. These data, here also
referred to as ‘non-personal data’, are distinguished from personal data within
the meaning of the General Data Protection Regulation.
Data that were
originally personal data but were later rendered anonymous are also
non-personal data. The ‘anonymisation’ of personal data differs from
pseudonymisation because properly anonymised data cannot be attributed to a
specific individual, even through the use of additional data, and are therefore
non-personal data.
Impact on German Social Security
In the German social
security system, there is also a large amount of operational and statistical
non-personal data, especially anonymised data. If the self-governing committees,
institutions or federal associations of the German social insurance system
award contracts for the storage or processing of this data, it is currently
possible to impose data localisation restrictions. This reflects the high
demands that the legislator places on the German social security system for the
collection, processing or use of social security data.
Practical examples provide help
In
order to facilitate the practical application of these new provisions in the
context of the EU data regulations, the Commission issued a guidance document (COM/2019/250) on 29 May 2019. The aim of
these guidelines is to provide assistance with applying data protection rules, especially
for small and medium-sized enterprises. In addition to practical examples, the guidance
also deals with self-regulation.