The highly anticipated revisions to the EU legal regime for data
protection have now been adopted following the publication of the
official texts of the General Data Protection Regulation and Data
Protection Directive. On 04 May 2016, the official texts of the EU
Regulation 2016/679 of the European Parliament and of the Council
on the protection of natural persons with regard to the processing
of personal data and on the free movement of such data, and
repealing Directive 95/46/EC (the "General Data Protection
Regulation") and the EU Directive 2016/680 of the European
Parliament and of the Council on the protection of natural persons
with regard to the processing of personal data by competent
authorities for the purposes of the prevention, investigation,
detection or prosecution of criminal offences or the execution of
criminal penalties, and on the free movement of such data, and
repealing Council Framework Decision 2008/977/JHA (the "Data
Protection Directive") were published in the EU Official
Journal in all the official languages.
This marks an important milestone in the adoption of the General
Data Protection Regulation and of the Data Protection Directive as
four years have passed since their official first draft release, on
25 January 2012, which promised greater EU personal data protection
and a modern and harmonized data protection framework across the
European Union. This is also an answer of the E.U. to the Max
Schrems case law of the European Court of Justice, generally known
as the Europe v. Facebook case.
While the General Data Protection Regulation will enter into
force on 24 May 2016, it shall apply with effect from 25 May 2018
and shall be directly applicable to all EU member states without
need for national implementing legislation. The Data Protection
Directive, however, has entered into force effect on 05 May 2016
and will need to be transposed into national law by the EU Member
States by 06 May 2018.
As a consequence of its enforcement, the General Data Protection
Regulation shall repeal the current Data Protection Directive
officially known as Directive 95/46/EC, which is part of the EU
privacy and human rights law.
Here are some of the highlights of the newly published data
protection reform instruments:
A "right to be forgotten": When an individual no
longer wants her/his data to be processed, and provided that there
are no legitimate grounds for retaining it, the data will be
Easier access to one's data: Individuals will have more
information on how their data is processed and this information
should be available in a clear and understandable way, making it
easier for individuals to transmit personal data between service
The right to know when one's data has been hacked:
Companies and organizations must notify the national supervisory
authority of data breaches which put individuals at risk and
communicate to the data subject all high risk breaches as soon as
Data Protection Officers: Certain data controllers and
processors must designate a Data Protection Officer (the DPO) as
part of their accountability program.
Stronger enforcement of the rules: data protection authorities
will be able to fine companies which do not comply with EU rules up
to 4% of their global annual turnover.
Companies are not required to take any adjusting measures until
the enforcement of the General Data Protection Regulation and the
Data Protection Directive in 2018, unless national data protections
agencies will impose such measures.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The fourth and final part of our mini-series on the draft ICO guidance on Consent, published on 2 March 2017, focuses on the practical impact the GDPR (General Data Protection Regulation) will have on how your organisation records and manages consent.
In light of the much anticipated ICO draft GDPR (the General Data Protection Regulation) Consent Guidance being published yesterday, 2 March 2017, we will be running a mini-series on the guidelines under consultation and the impact the GDPR will have on the much vexed position of consent and the impact on your business.
To coincide with Data Privacy Day, we have prepared a roundup of five recent announcements and developments in the world of privacy and data protection.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).