After the European Court of Justice invalidated the Safe Harbor agreement in October 2015, the EU General Data Protection Regulation (GDPR) was eagerly anticipated.
On 15 December 2015, a political compromise on the GDPR was reached by the European Commission, European Parliament and the Council of the European Union. Two days later, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs voted to adopt the new regulation.
The Council of the European Union reached agreement on several pending issues, including the question of consent; exemptions for archiving; the age limit for child protection; and impact assessments for biometric data.
The final text still needs to be approved by the European Parliament this month. If it is approved, the regulation will come into force in 2018.
Now is the time for companies to make the necessary changes to align their compliance programs with GDPR provisions. Most companies will face new mandatory requirements, including privacy impact assessments and regular data compliance audits, notification of personal data breaches, and maintaining records of personal data activities.
Read our latest Law Alert to explore further the potential impact on companies operating in the EU that process personal data.