The Regulation on the free flow of non-personal data, which applies from 28 May 2019, creates legal certainty for businesses to process their data wherever they want in the EU. It raises trust in data processing services and counters ‘vendor lock-in’ practices, that prevent users to port their data to other service providers or IT-systems. Together with the General Data Protection Regulation (GDPR), the EU has set a stable legal environment for the free movement of all data within the European Union.
The focus of the present guidance is the interaction between the free flow of non-personal data regulation and the GDPR. It particularly addresses:
- The concepts of personal and non-personal data, and their combination in so-called ‘mixed datasets’
- The principles of free movement of data and the prohibition of data localisation requirements
- Data portability.
The guidance also covers self-regulatory requirements set out in the two Regulations.
Details of any data localisation requirement that currently applies in any of the EU Member States can be found on their national websites (online single information points), links to which are available on the Your Europe portal.