After years of intense discussions, the EU General Data Protection Regulation (GDPR) was finally adopted on 14 April 2016.
The GDRP sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies. For example:
- data controllers (companies collecting and using personal information) will have a wide range of new obligations, including:
- data breach notification;
- implementation of the right to be forgotten;
- appointment of a data protection officer;
- privacy impact assessment before processing data; and
- implementation of “privacy by design” and “privacy by default” principles when designing new products.,
- data processors’ liability will increase; and
- penalties in the event of non-compliance will be up to 4% of the annual worldwide turnover.
The full text of the GDPR will be published within two months and will enter into force shortly thereafter. However, it will not be binding in its entirety and applicable in all EU Member States until 2018.
After publication of the full text of the GDPR, we will post a more detailed discussion of the new obligations imposed on companies to help you being ready and compliant.