Chinese businesses in Europe able to abide by GDPR: experts

The General Data Protection Regulation, the GDPR, has taken effect across the European Union, requiring businesses to take extra measures to protect the personal data of consumers.

Experts believe that Chinese businesses operating in Europe will be able to adapt to the new tighter regulations.

The General Data Protection Regulation has taken effect after four years of discussion and a two year interim period.

The GDPR was first put forward in 2012, and adopted by the European Parliament in 2016. It acts as an update to the existing regulations that were adopted in 1995.

German legal advisor Robert Fechner says the new data protection rules require businesses to protect the personal data and privacy of E.U. citizens.

German legal advisor Robert Fechner (L) speaks during an interview. [Photo: China Plus]

"The GDPR aims to protect an individual's personal data and privacy, creating a strict legal framework for businesses to protect the personal data of their consumers. It is legally binding on all companies operating in Europe, regardless of what kind of business they're involved in," says Fechner.

The rights of the individuals regarding their data, and the obligations of the data controllers and processors to protect those rights, are clearly stipulated in the new rules, which lay out the requirements for consumers to be notified of breaches and provide hefty fines for rule breakers.

The regulations also require opt-in consent when collecting data and detail the responsibilities of companies regarding data sovereignty.

Companies that break the data protection rules face fines as high as 4 percent of their worldwide revenue.

The definition of personal data has also been extended to include biometric data such as fingerprints and iris patterns, and sensitive data including a person's ethnic origin and religious faith. This is on top of the protections granted to personal data such as an individual's name, address, ID numbers, and IP address.

Maurizio Mensi, a professor from Italy's LUISS University, says the business community in his country has taken steps to learn the new regulation.

Maurizio Mensi, a professor from Italy's LUISS University. [Photo: China Plus]

"Big firms in Italy have already taken steps to prepare for the implementation of the GDPR, investing funds into personnel training. However, many small and medium companies are still unaware of the new regulation and also lack the funds they need to prepare. But now there are many services being provided for those enterprises, including classes, training sessions and seminars, so that they can adapt to the new regulation as soon as possible," says Mensi.

Some Chinese companies, such as banks, e-commerce, or Internet firms, will also have to abide by the regulation, since they often collect and process users' personal information.

Maurizio Mensi says he believes that those companies will fully learn the rules and make adjustments.

"The most important thing is to correctly understand the relevant items and make adjustments to adapt to them, such as how to get approval from the data subjects, how to handle the personal data of minors, and how to assess relevant risks. I believe that many Chinese enterprises are sensitive enough to take the initiative to learn the new regulation and the changes it brings," says Mensi.

He adds that the rules should be updated from time to time so as to keep pace with the rapid advancing of technologies.