The new EU General Data Protection Regulation - what do you need to know?
1 February 2016
On the 17th December 2015, the European Parliament's Civil Liberties, Justice and Home Affairs [LIBE] Committee voted resoundingly in favour of the new General Data Protection Regulation (GDPR).
Due to come into force in early 2018, the GDPR is the most significant development in data protection law in 20 years.
The GDPR is designed to help empower consumers; businesses, as data guardians, will need to be prepared to act on the changes.
Data breach notification will become mandatory, meaning that serious data breaches can no longer be swept under the carpet.
Data portability, for consumers who want to move their data between services, will require businesses to put in place provisions for users to transfer their data between service providers.
There will be provisions for European Union member states to set age limits between 13 and 16 years old, below which companies would be banned from handling data without parental consent. This is anticipated to affect social media and online services.
The GDPR may encourage businesses looking to enter the EU market to come to the UK, as the new rules mean that multinationals will be answerable to only one data protection authority, based on where they have their ‘main establishment’. The ICO, as a pragmatic and commercially minded regulator, may therefore make the UK a prime choice for data-rich businesses.
Individuals will have the right to receive compensation if they have suffered material or immaterial damage as a result of companies breaching the GDPR.
We have been covering the regulation extensively since the vote. Please click here to view our most recent webinar on what the GDPR means for consumers.
We have also covered how the GDPR will affect businesses. To read about the changes that businesses need to be aware of under the coming regulation, please click here.