The European Parliament (or EU Parliament) finally adopted, enacted, or approved the General Data Protection Regulation (GDPR) on 14 April 2016 after four years of negotiations. The GDPR is the most important piece of personal data protection legislation in the world and is the biggest development in 30 years. Therefore, it is critical to take notice of it and consider its implications. On 6 April, prior to the GDPR being enacted by the EU Parliament, the Council of the European Union approved the final wording of the GDPR.
What does the adoption of the GDPR mean?
The enactment of the GDPR by the EU Parliament repeals the 95 Directive and all national laws on personal data privacy made by member states including the UK Data Protection Act. The GDPR is going to have far-reaching compliance effects for anyone doing business in Europe or business involving European citizens. Our plain language heads up explains how the GDPR will operate, who is affected and penalties for non-compliance.
When will the GDPR come into effect?
On about 4 May 2018. There is a two-year grace or transition period starting from the date it is published in the Official Journal of the EU, which must happen before 4 May 2016. The timeline for the GDPR may impact the timeline for data protection laws in other countries (like the commencement date of Protection of Personal Information Act in South Africa).
The adoption or enactment of the GDPR by the EU Parliament is an important milestone in personal data privacy law. You need to start the process to determine how you are affected by the GDPR and to bring your organisation into alignment with the GDPR requirements. Contact us to see how we can help you achieve this.