The European Parliament, the Council and the Commission reached agreement on 15 December 2015 on new data protection rules, establishing a modern and harmonised data protection framework across the EU. The recitals to the Regulation specifically state that the new rules are to provide a "strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market."
The Regulation is now in force and directly applicable in all member states but will only apply from 25 May 2018. The Directive also entered into force in May of this year and EU Member States have to transpose it into their national law by 6 May 2018. The "implementation phase" has now officially started, ie a period in which companies will have to ensure that their organisations comply with the new rules by the time they become applicable in May 2018.
Please see below for the full titles of the Regulation and Directive:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
