The resolution will establish a single set of rules for Member States and will impact organizations established within the EU, as well as those outside the region that process citizens’ data to offer them goods / services or to monitor their behavior.
The Council endorsed a “risk-based approach” that gives greater discretion to data controllers in managing their protection compliance obligations.
The proposal is expected to be adopted by the end of 2015, coming into force two years following the date of publication. EY is advising firms to begin assessing how the change will impact their activities.
Read more in our latest Law Alert.