The European Commission has published the guidance after Regulation EU 2018/1807 came into force on 28 May 2019.
As part of its Digital Market Strategy, the European Commission has published guidance on the free flow of personal data. The new Regulation (EU) 2018/1807 on the free flow of non-personal data, which started to apply in member states on 28 May 2019, seeks to remove obstacles to the free movement of non-personal data across member states and IT systems in Europe.
Together with the GDPR, the new Regulation on the free flow of non-personal data aims to provide for a stable legal and business environment on data processing. The new Regulation prevents EU countries from putting laws in place that unjustifiably force data to be held solely inside national territory. The aim of the new rules is to increase legal certainty and trust for businesses and make it easier for SMEs and start-ups to develop new innovative services, to make use of the best offers of data processing services in the internal market, and to expand business across borders.
The key points of the Regulation are:
The guidance to the Regulation aims to help users, in particular small and medium-sized enterprises, understand the interaction between the new Regulation and the General Data Protection Regulation, especially when datasets are composed of both personal and non-personal data.
The guidance gives practical examples on how the rules should be applied when a business is processing datasets composed of both personal and non-personal data. It also explains the concepts of personal and non-personal data, including mixed datasets; lists the principles of free movement of data and the prevention of data localisation requirements under both, the GDPR and the new Regulation; and covers the notion of data portability under the new Regulation. The guidance also includes the self-regulatory requirements set out in the two Regulations.