The proposals for reform of the EU's privacy and data protection laws look to be very ambitious and far-reaching. Under the proposals, the "patchwork" of data protection laws and reporting requirements across Europe will be replaced with a single set of rules for all 27 member states.

The proposal's centrepiece is a new draft General Data Protection Regulation. The most controversial parts of the draft regulation are the sanctions for regulatory breach. Although Member States are to specify the exact rules for enforcement, the draft Regulation states that maximum fines may be up to 2% of a company's annual worldwide turnover. This will represent a step change in the consequences of non-compliance.

Another significant change, affecting large employers, is that they will be required to appoint data protection officers. Organisations with more than 250 employees will have to designate a data protection officer to ensure that they deal with the personal information of staff and customers correctly.

The draft regulation will need to be approved by the EU Member States and ratified by the European Parliament. It is expected that it could take at least two years before the regulation is adopted. However, given the wide-ranging nature of the regulation, organisations should start thinking now about how they will comply with it.

Please refer to our Commercial Team's note: Proposed New European Data Protection Regulation – a Data Privacy Day gift from the EC for further information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.