The new EU General Data Protection regulation - what do you need to know
On the 17th December 2015, the European Parliament's Civil Liberties, Justice and Home Affairs [LIBE] Committee voted resoundingly in favour of the new General Data Protection Regulation (GDPR).
Due to come into force in early 2018, the GDPR is the most significant development in data protection law in 20 years.
The GDPR is designed to help empower consumers; businesses, as data guardians, will need to be prepared to act on the changes.
Data breach notification will become mandatory, meaning that serious data breaches will no longer be able to be swept under the carpet.Data portability, for consumers who want to move their data between services, will require businesses to put in place provisions for users to transfer their data between service providers.There will be provisions for European Union member states to set age limits between 13 and 16 years old, below which companies would be banned from handling data without parental consent, anticipated to impact on social media and online services.The GDPR may encourage businesses looking to enter the EU market to come to the UK, as the new rules mean that multinationals will be answerable to only one data protection, based on where they have their 'main establishment'. The ICO as a pragmatic and commercially minded regulator may therefore make the UK a prime choice for data rich businesses.Individuals will have the right to receive compensation if they have suffered material or immaterial damage as a result of companies breaching the GDPR.
For more information please contact Jaclyn Wilkins on +44 (0)20 7203 5122 or at mailto:email@example.com
News & Insights
Focus Antitrust - 6 December 2017
The latest in our regular update on competition law.
Uber data breach highlights notification obligations and GDPR impact
On 21 November 2017, it was reported that Uber had suffered a hack resulting in the unauthorised access of personal data.