EU General Data Protection Regulation voted on today
17 December 2015
The European Parliament's Civil Liberties, Justice and Home Affairs [LIBE] Committee has voted resoundingly in favour of the new General Data Protection Regulation (GDPR).
Due to come into force in early 2018, the GDPR is the most significant development in data protection law in 20 years.
The GDPR is designed to help empower consumers; businesses, as data guardians, will need to be prepared to act on the changes.
Data breach notification will become mandatory, meaning that serious data breaches will no longer be able to be swept under the carpet.
Data portability, for consumers who want to move their data between services, will require businesses to put in place provisions for users to transfer their data between service providers.
There will be provisions for European Union member states to set age limits between 13 and 16 years old, below which companies would be banned from handling data without parental consent, anticipated to impact on social media and online services.
The GDPR may encourage businesses looking to enter the EU market to come to the UK, as the new rules mean that multinationals will be answerable to only one data protection, based on where they have their ‘main establishment’. The ICO as a pragmatic and commercially minded regulator may therefore make the UK a prime choice for data rich businesses.
Individuals will have the right to receive compensation if they have suffered material or immaterial damage as a result of companies breaching the GDPR.
We will be covering these developments in our seminars, webinars and newsletters over the coming weeks. Please click here for a list of upcoming webinars.
Please provisionally save the date for our seminar on Wednesday 2 March 2016, where the team will advise on best practice approach with a key note speaker. We will confirm the date, speaker and timings in due course.