Last night the negotiating parties agreed the text for the General Data Protection Regulation (GDPR) – significant for any business, regardless of their industry.
After years of debate, the negotiating parties last night agreed the text for the EU's new General Data Protection Regulation (GDPR), which aims to bring Europe's ageing rules in line with the modern technological era.
This will impact every organisation, in both the public and private sectors and across all industries – as Fieldfisher's Head of Privacy, Hazel Grant, explains: "This is the single most important change in data privacy law for the UK and EU in the last twenty years. It will affect all businesses, all over the world - as every organisation has employees and contacts, even if they don't have individual customers. Perhaps most notably there will be fines of up to 4% of global turnover, meaning that every business will need to pay close attention to this area of compliance. Additionally, we will now see in the EU a requirement to carry out data breach notification. When personal information is lost or hacked, an organisation will be obliged to tell regulators and affected customers and employees.
"The GDPR will usher in an era of greater accountability, with significantly increased transparency and controls for individuals to exercise management of their data. It will have a global effect, so that any business that collects and uses data from European citizens – whether established in the EU or not – will potentially find itself subject to EU data protection rules." Fieldfisher's Privacy Law blog explains in greater detail the business implications of this development.
The GDPR will replace the 'patchwork quilt' of 28 different EU Member States' laws with a single, unifying data protection law, which should lead to significantly greater data protection harmonisation throughout the EU.