The EU data protection landscape, having remained largely unchanged since 1995, is now on the brink of a radical transformation. After extensive negotiations, the GDPR was formally adopted on 4 May 2016 and is set to replace most EU data protection legislation.
Unlike the current Directive, the GDPR will be directly applicable in all EU Member States without the need for national legislation. It will apply from 25 May 2018.
The GDPR brings new concepts into the regulatory spotlight, including profiling and the right to be forgotten. It imposes extensive new obligations on businesses and transforms the role of the Data Processor. Rights for individuals are significantly strengthened and maximum fines in respect of breaches are increased exponentially to €20,000,000 or 4% of annual worldwide turnover under the GDPR.
If you would like more information on the GDPR or the Directive, please contact one of the members of our Data Protection & Privacy team.