What you need to know about the new EU General Data Protection Regulation
Data protection has entered a period of unprecedented change.
This has been driven by:
- An increasing number of high-profile data breaches reported in the media that have led consumers and regulators to be concerned about how personal data is managed
- The demise of Safe Harbour
- The new European Union (EU) General Data Protection Regulation (GDPR) — a landmark moment in data protection
On 17 December 2015, after more than three years of tough negotiations and several draft versions of the GDPR, an informal agreement was reached between the European Parliament and the Council of the EU. The GDPR is a game changer for organizations. It introduces more stringent and prescriptive data protection compliance challenges, backed by fines of up to 4% of global annual revenue. The regulation replaces the Directive 95/46/EC, which has been the basis of European data protection law since it was introduced in 1995.
The regulation has a significant impact on businesses in all industry sectors, bringing with it both positive and negative changes for business in terms of cost and effort.
Organizations are likely to welcome the harmonization of laws across the 28 Member States, which will make the complex data protection landscape easier to navigate for multinational organizations. The introduction of new rights for individuals, such as the right to be forgotten and the right to data portability, as well as the introduction of mandatory breach notification requirements, is likely to increase the regulatory burden for organizations. Businesses need to review their current data protection compliance programs to determine next steps and decide on the level of investment they need to make before 2018 to address the changes.
EY Legal Services Contacts:
Peter Katko – Global Digital Law Leader
Fabrice Naftalski – Global Data Privacy Leader