GDPR Text Approved

Proskauer on Privacy
Contact
LinkedIn
Facebook
X
Send
Embed

On December, 17, 2015, following the announcement that European officials had agreed on the language of the EU’s new General Data Protection Regulation (“GDPR” or “Regulation”), the EU Parliament’s Civil Liberties Committee approved the text of the GDPR.  The GDPR isn’t law yet, as it still needs to be approved by the EU Parliament next month.  However, the Parliament is expected to approve the Regulation, which would then go into force in 2018.  Once it becomes effective, the GDPR will replace the twenty-year-old EU Data Protection Directive (the “Directive”) and provide a new omnibus data protection law for the EU.

As officials had indicated previously, the GDPR differs from the Directive in a number of significant ways.

  • Data Subjects will have greater control over their personal data. Under Article 18 of the GDPR, data subjects will enjoy a “right to portability,” meaning that they will have the right to transmit any of their personal data from one controller to another. In other words, data subjects will be able to transfer their personal data between service providers. Also, Article 17 sets out the “right to be forgotten,” which gives a data subject the right to order a controller to erase any of the data subject’s personal data in certain situations.
  • Companies that violate the GDPR can expect significant fines. Article 79 states that companies may be fined a specific percentage of their annual global turnover for failing to comply with certain provisions of the GDPR. For example, a company that violates data subjects’ rights could face a fine of up to 4% of its annual global turnover which, for some large companies, could mean many millions – or even billions – of dollars.
  • Some companies will have to appoint a data protection officer. Article 35 requires certain entities, including those whose “core activities” involve large-scale processing of special categories of data (sensitive data), to appoint a data protection officer. Articles 36 and 37 provide further details on the duties of a data protection officer.

Be sure to check back for further updates on the GDPR and its implications for companies.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer on Privacy | Attorney Advertising

Written by:

Proskauer on Privacy
Proskauer on Privacy
Contact
more
less

Proskauer on Privacy on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide