Public bodies have two years to apply new data protection rules following their adoption by the European Parliament.

The data reform package passed at the end of last week includes the General Data Protection Regulation (GDPR) and the Police and Criminal Justice Authorities Directive (PCJAD).

The GDPR will introduce significantly increased penalties of up to 4% of annual turnover for breaches.

Frans Timmermans, European Commission vice-president in charge of the Digital Single Market Andrus Ansip made a joint statement with commissioner for justice, consumers and gender equality, Věra Jourová.

It said: “The new rules will ensure that the fundamental right to personal data protection is guaranteed for all.

“The GDPR will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules.

“The Data Protection Directive for police and criminal justice authorities ensures a high level of data protection while improving cooperation in the fight against terrorism and other serious crime across Europe.”

Related content

Councils uncertain over effect of European Union General Data Protection Regulation fines
How the EU’s General Data Protection Regulation Will Impact Your Organisation

The new package replaces current data protection rules based on the 1995 Data Protection Directive and the 2008 Framework Decision for the police and criminal justice sector.

The GDPR will give citizens more information on how their data is processed, and will strengthen the “right to be forgotten” as well as introducing a new right to “data portability”.

Organisations storing data will only have to deal with a single supervisory authority.

The PCJAD is aimed at allowing the smoother exchange of information between police and judicial authorities by creating a single set of data protection rules.