A milestone has been reached in the world of data protection law.  After three years of detailed discussions political agreement has been reached between the European Commission, Council and Parliament on the final text of the General Data Protection Regulation (the GDPR).

 

The GDPR will replace the Data Protection Directive 95/46/EC and therefore the UK Data Protection Act 1998 and will be directly applicable in all Member States without the need for implementing legislation.  The legislative process will be complete once the text is formally adopted by Council and Parliament, which expected in the coming months.  The GDPR will come into effect two years from formal adoption and is therefore anticipated to take place in the first half of 2018. Further detail about the key features of the GDPR is provided here.

 

It should not be forgotten that the European data protection reform package contained two pieces of legislation, the GDPR and the Data Protection Directive for Police and Judicial Co-operation on Criminal Matters (the Directive). The Directive contains harmonised laws intended to improve protection for individuals affected by crime and law enforcement, while enhancing cross-border police co-operation to better combat crime and terrorism.

In response to these developments the ICO has promised to do all it can to facilitate the implementation of the new regulations. The ICO will be providing regular advice and guidance on the GDPR prioritising new aspects of the GDPR, acknowledging that much of the text is already familiar territory.

Clearly changes, some of those significant, will need to be made in order to comply with the GDPR when it comes into force in 2018. Now is the time for organisations to promptly commence, GDPR implementation programmes.

 DAC Beachcroft will be undertaking a series of sector specific workshops and publications over the coming months to help guide clients through these changes. Further details about when these will be taking place will be made available shortly.

• GDPR agreement meets Christmas 2015 deadline

• Poland – Polish DPA provides Safe Harbor guidance

• Portugal – Portuguese DPA’s new rules on intragroup transfer agreements

• Kazakhstan – Administrative liability for failure to protect information systems containing personal data

• Kazakhstan – Localization of personal data

• Australia – Amendment to data breach notification requirements

• Chile – Government publishes updated agenda for digital development

---