Sent to subscribers in September 2016
After a lengthy drafting process, the EU General Data Protection Regulation, which replaces Directive 95/46/EC, was formally approved by the EU Parliament in April 2016. It was published in the EU Official Journal in May 2016. Following a two-year transition period, the General Data Protection Regulation will apply and enforcement will commence through the European Union from late May 2018.
The General Data Protection Regulation is not just simply an update of a 20-year-old directive that was drafted at the dawn of the Internet era. The approval of the General Data Protection Regulation is a seminal development in the shaping of the data protection law throughout the EU Member States as a cohesive, homogenous whole, where one single law becomes the primary vehicle governing the activities of very diverse countries. The General Data Protection Regulation attempts in different ways to increase the consistency among the legal regimes of the EU Member States in order to reduce several of the current obstacles that companies face when they carry out business in numerous countries in the European Union.
Although the General Data Protection Regulation is intended to bring uniformity, we should not lose sight of the fact that a number of its provisions give leeway to Member States to enact additional measures beyond those stipulated in the Regulation.
Over the next two years, companies that fall under the jurisdiction of the General Data Protection Regulation are expected to modify their practices to ensure compliance. This is a significant task, not only for the companies impacted, but also for the Member State’s respective data protection regulators and governments as they seek to integrate and enforce a uniform law within their own legal frameworks. The next two years are going to be a very interesting time, requiring close collaboration between private companies and public institutions, both at the Member State and at European levels, in order to successfully implement the General Data Protection Regulation.
An overview of the other updates in Supplement 21 is provided below.