The European Commission has lifted geographic restrictions on the free flow of non-personal data between EU Member States.
The new Regulation permitting unrestricted non-personal data flow, which comes into effect today, enables data to be shared and stored across the EU. The Commission today published new guidance, aimed particularly at small and medium-sized enterprises, to support businesses implementing the new Regulation while observing the terms of the General Data Protection Regulation, which focuses on personal data. The guidance includes sections on distinguishing between personal and non-personal data, how to apply the rules to mixed datasets and the self-regulation requirements imposed on businesses, with practical examples.
Mariya Gabriel, Commissioner for Digital Economy and Society, said: “Our economy is increasingly driven by data. With the regulation on the free flow of non-personal data and the General Data Protection Regulation, we have a comprehensive framework for a common European data space and the free movement of all data within the European Union. The guidance that we are publishing today will help businesses, especially small and medium-sized enterprises, to understand the interaction between the two regulations.”
The Regulation, implemented as part of the EU’s Digital Single Market Strategy, prohibits Member States’ governments from imposing laws which would ‘unjustifiably force’ data to be held within the national boundaries of a single Member State, enabling businesses to benefit from the free exchange of data.
Vice-President for the Digital Single Market Andrus Ansip said: “By 2025 the data economy of the EU27 is likely to provide 5.4% of its GDP, equivalent to €544 billion. However, that huge potential is limited if data cannot move freely. By removing forced data localisation restrictions, we give more people and businesses the chance to make the most out of data and its opportunities. Today’s guidance will now give full clarity on how free-flow of non-personal data interacts with our strong personal data protection rules.”