The Euro­pean Commis­sion provides prac­tical exam­ples of applying the regu­la­tions on the free flow of non-personal data.

SJS/AD – 06/2019

The Regulations On The Free Flow Of Non-Personal Data have been in force in the European Union since 28 May. They are part of the strategy for a Digital Single Market and allow data to be stored and processed anywhere in the EU without any undue restrictions.


‘By 2025 the data economy of the EU27 is likely to provide 5.4% of its GDP, equivalent to €544 billion. However, that huge potential is limited if data cannot move freely. By removing forced data localisation restrictions, we give more people and businesses the chance to make the most out of data and its opportunities,’ said Andrus Ansip, Vice-President for the Digital Single Market.

Differ­en­ti­a­tion from personal data

In Regulation (EU) 2018/1807, the term ‘data’ means ‘data other than personal data as defined in point (1) of Article 4 of Regulation (EU) 2016/679’. These data, here also referred to as ‘non-personal data’, are distinguished from personal data within the meaning of the General Data Protection Regulation.


Data that were originally personal data but were later rendered anonymous are also non-personal data. The ‘anonymisation’ of personal data differs from pseudonymisation because properly anonymised data cannot be attributed to a specific individual, even through the use of additional data, and are therefore non-personal data.

Impact on German Social Secu­rity

In the German social security system, there is also a large amount of operational and statistical non-personal data, especially anonymised data. If the self-governing committees, institutions or federal associations of the German social insurance system award contracts for the storage or processing of this data, it is currently possible to impose data localisation restrictions. This reflects the high demands that the legislator places on the German social security system for the collection, processing or use of social security data.

Prac­tical exam­ples provide help

In order to facilitate the practical application of these new provisions in the context of the EU data regulations, the Commission issued a guidance document (COM/2019/250) on 29 May 2019. The aim of these guidelines is to provide assistance with applying data protection rules, especially for small and medium-sized enterprises. In addition to practical examples, the guidance also deals with self-regulation.

We use cookies and similar technologies to understand how you use our services and improve your experience. By clicking 'Accept', you accept all cookies. Otherwise we use only functionally essential cookies. For more information, please see our Data Protection Policy