09 May 2016

European Parliament publishes new General Data Protection Regulation – new law will become enforceable on 25 May 2018

On 4 May 2016 the European Parliament and the European Council published the new General Data Protection Regulation (GDPR) in the Official Journal of the European Union. This is the final step of a legislative process spanning over five years. According to Art. 99 Sec. 2 GDPR it will enter into force on 25 May 2018.

For further details, please see our comprehensive summary, dated 7 November 2013 (here), as well as our alerts on 24 April 2014 (here) and on 14 January 2016 (here).

Key elements of the GDPR include:

  • Right to be forgotten

  • Right to data portability

  • A decision cannot solely be taken based on automated data processing

  • Implementing data protection by design and by default

  • Enhanced obligations to notify the relevant Data Protection Authority within 72 hours of a data breach

  • The need to carry out privacy impact assessments before high risk processing

  • “Lead authority” approach to cross-border processing

  • Increased penalties - up to 4 % of group annual worldwide turnover in the preceding financial year

The GDPR will be directly applicable throughout the European Union – and even beyond if a company processes personal data of European citizens regarding offering them goods or services or monitoring their behavior within the European Union.

Over the next two years, the impact of the GDPR will be discussed. Some practical questions are:

  • How to draft data protection clauses in contracts which (potentially) run until after 25 May 2018. Parties need to take the GDPR into account.

  • How to implement and execute the right to data portability. A company needs to be prepared to provide personal data in a way that another company can easily import it.

  • How to carry out a privacy impact assessment. A white paper has already been published to characterize a tool to prepare such assessment.

  • The remaining scope of national data protection law, in other words the data protection regime under, for example, the German Teleservices Act and employment data protection.

We will provide you with updates on these discussions on a regular basis.

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    Whilst it was comforting to hear from the UK’s data protection regulator, the Information Commissioner’s Office (ICO)

    30 April 2020

    The Coronavirus Large Business Interruption Loan Scheme (CLBILS) builds upon the UK government’s financial support being extended to UK businesses during the current period of COVID-19...

    30 April 2020

    In our work with international companies supplying goods to the UK, we see a number of common issues arising regularly.

    08 November 2019

    8 questions most frequently asked by clients in relation to patent litigation in China.

    24 July 2017

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.