유럽연합의 새로운 개인정보보호 법제에 관한 소고

European Commission published the draft of General Data Protection Regulation on January 25 2012 in order to update the legislative system on personal information protection of the European Union(EU). The EU has settled on the final text of its General Data Protection Regulation after four years' debate and it will come into force on May 2018. It’s absolutely necessary for the authorities and companies which will use the personal information of european citizens to sufficiently understand General Data Protection Regulation because they could determine the limitation of legitimate use about personal information and address the problems involved. In addition, it’s meaningful for us to understand personal information protection system of EU in order to establish our environment that protects personal information and encourages to use that at the same time. Therefore, I deal with the fundamental characteristics about legislative system on personal information protection of the European Union and critical changes introduced by General Data Protection Regulation and its implications in this paper. It will come into direct legal effect in all EU member states. Specifically, it extends the range of application, modifies the definition of personal data and introduces the concept of pseudonymisation. It adds new principles regarding the process of personal data and introduces more hurdles around what constitutes a valid consent and the procedure of children’s consent. Moreover, it enhances the rights for individuals and asks data controllers to have more responsibilities for the process of personal information. It also enhances rules for transfers of personal information out of the European Union and introduces a ‘One-Stop Shop’ mechanism. Lastly, it strengthens the sanctions against the infringement of personal information.