Alex van der Wolk and Ronan Tigner
Privacy + Data Security
After four years of intense negotiations, EU institutions have finally closed the deal on the General Data Protection Regulation (GDPR), which was introduced by the EU Commission on January 25, 2012 as part of its data protection package.
The EU Parliament approved the GDPR in its plenary session on April 14, 2016 in the regulation’s second reading (see the Parliament’s Resolution here). This was the final and highly anticipated step in the GDPR’s bumpy adoption process, a few days after the Council voted on the GDPR in its first reading on April 8, 2016. There were no substantive deviations by the Council from the version unofficially agreed to on December 15, 2015 at the last trilogue meeting. But it took a lot of effort to get there, and the GDPR will certainly be remembered as one of the more debated pieces of legislation in the EU’s legislative history.
There is no final official release of the instrument yet, but the expectation is that it will be published in the EU’s Official Journal (OJ) in May 2016. For now, the reference document is the version voted on by the Council, available here. The GDPR will enter into force 20 days after its publication in the OJ, and become fully applicable two years after that date. This means companies have until May 2018 to reach compliance.
The GDPR will entail major changes for businesses and individuals alike. Key changes include:
At this stage, we highly recommend that companies launch compliance programs to ensure they can reach the 2018 deadline for compliance. These programs could include actions such as:
See also the 12 steps checklist of March 2016 published by the UK ICO, which outlines steps that organizations can take now to prepare for the GDPR.
For a more detailed analysis of the GDPR and what it entails for businesses, see our client alert.
1 The package also comprises a Directive on the processing of crime-related data by competent authorities, which received less attention than the GDPR and is not as directly relevant to companies.
Contact our world-class privacy and data security lawyers.
Cyber Crime Firm of the Year
©1996-2019 Morrison & Foerster LLP. All rights reserved.