Overview

This article ensures that the General Data Protection Regulation (GDPR) does not impose additional obligations on entities already subject to specific obligations under Directive 2002/58/EC. This applies particularly to entities providing publicly available electronic communications services within the Union. The repeal of Directive 95/46/EC marks the transition to GDPR while maintaining continuity for regulated entities.

Key Principles

  • Continuity: Entities previously regulated under Directive 95/46/EC transition to GDPR without additional obligations.

  • Specific Scope: Applies to providers of publicly available electronic communications services.

  • Legal Alignment: Ensures consistency with obligations under Directive 2002/58/EC.

  • Regulatory Clarity: Prevents duplication of compliance requirements during the transition to GDPR.

Organizational Applicability

This article applies to:

  • Providers of publicly available electronic communications services in the EU.

  • Legal and compliance teams ensuring adherence to GDPR and Directive 2002/58/EC obligations.

  • Supervisory authorities monitoring compliance for entities in the electronic communications sector.

Implementation Requirements

  • Recognize that GDPR obligations supersede Directive 95/46/EC.

  • Verify that existing obligations under Directive 2002/58/EC remain in effect.

  • Ensure that GDPR imposes no duplicate or additional requirements on covered entities.

  • Document compliance measures and alignment with both GDPR and Directive 2002/58/EC.

Implementation Guidance

  • Train staff on GDPR applicability versus existing obligations under Directive 2002/58/EC.

  • Maintain records of obligations and compliance measures to demonstrate continuity.

  • Coordinate with supervisory authorities to clarify transitional compliance requirements.

  • Periodically review procedures to ensure ongoing alignment and legal compliance.

Periodic Review

  • Frequency: Annually or when updates to GDPR or Directive 2002/58/EC occur.

  • Responsible Role: Compliance Team, Legal Department, or Data Protection Officer (DPO).

  • Outcome: Ensure regulated entities transition smoothly to GDPR while maintaining compliance with prior obligations.

Non-Compliance Risks

  • Fines: Up to €20 million or 4% of global annual turnover for GDPR violations.

  • Legal Exposure: Regulatory action for misalignment or misunderstanding of transitional obligations.

  • Reputational Damage: Loss of trust due to improper application of GDPR or electronic communications rules.

  • Operational Risk: Failure to maintain continuity may lead to compliance gaps and enforcement issues.