EU Data Protection Regulation

Andrew Danson, Noirin McFadden
K&L Gates LLP
Contact
LinkedIn
Facebook
X
Send
Embed

On 15 June 2015 the European Council published its final proposed text for the new General Data Protection Regulation. The Regulation is being adopted to provide legal certainty and transparency for businesses and to provide individuals with the same level of rights and obligations in all EU Member States.

The Regulation will apply to data controllers located outside of the EU whose processing activities relate to the offering of goods or services to data subjects within the EU as well as to data controllers located within the EU. Moreover, the Regulation will for the first time introduce a requirement on companies (in either a processor or controller role) to conduct data protection impact assessments where processing activities are likely to be intrusive in relation to the rights of individuals.

The Regulation has been subject to much debate. The final draft raises two new specific areas of regulation which will likely be onerous on data controllers:

  • Introduction of mandatory reporting requirements. The Regulation requires data controllers to notify any personal data breaches to the supervisory authority in their jurisdiction upon becoming aware of such a breach and if possible, within 72 hours. Unless the affected data has had appropriate technological protection measures applied to it, the data controller will also be required to notify the data subject as soon as practicable and in accordance with any guidance provided by the supervisory authority. This represents a significant departure from previous practice in many EU Member States.
  • Introducing increased fines for infringement of the Regulation. The relevant supervisory authority will determine on a case-by-case basis the level of fine to be imposed in accordance with the Regulation's criteria and upper limits. The maximum fine will now be EUR 1 million or 2% of the worldwide annual turnover of the company, whichever is the higher.

A copy of the published text can be found here.

The next step is for trilogue discussions to take place between the European Council, European Commission and European Parliament to reach a final version of the text; the first trilogue meeting is to be held in Brussels on 24 June 2015. It is expected that these discussions will last until the end of 2015 or into 2016. Once the final text is agreed and adopted it will take approximately two years to come into force.

Written by:

K&L Gates LLP
K&L Gates LLP
Contact
more
less

K&L Gates LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide