On 25 January, the European Commission published its proposal for a General Data Protection Regulation. The extensive proposals would significantly increase data protection across Europe.
The key proposals are as follows:
-
Harmonisation: A single set of rules will apply across Europe. It has been suggested that introducing a collective set of rules to replace the current assortment of European data protection legislation will save businesses around €2.3 billion a year.
-
Scope of the Regulation: The new rules will apply to businesses based in Europe as well as to businesses based outside the European Union that process European citizens' personal data for the sale of goods or services, or the monitoring of their behaviour. The new rules will therefore affect a large number of US and other international businesses.
-
Fines: The penalties for noncompliance will be significant, with businesses facing proposed fines of up to €1 million or up to 2% of their annual worldwide turnover (depending on whether the organisation is an 'enterprise').
-
Explicit consent: The new definition of 'consent' under the proposed Regulation includes a requirement that consent must be explicitly obtained. Businesses will not, therefore, be able to assume an individual's consent.
Please see full alert below for more information.
Please see full publication below for more information.
LOADING PDF: If there are any problems, click here to download the file.
