Update on EU data protection regulation
On December 17, 2015, the European Parliament’s Civil Liberties, Justice and Home Affairs Committee approved the final text of the European Union General Data Protection Regulation, after lengthy negotiation.
The regulation, intended to replace the EU Data Protection Directive, which is over 20 years old, is supposed to help the 28 EU member states consistently address privacy compliance and enforcement against companies. Significantly, the regulation dramatically increases the fines and penalties that the privacy authorities can assess for a violation—up to 4% of a company’s global income—a significant amount for global companies.
The regulation must be approved by the European Parliament, which is reportedly set to happen in the next few weeks. If approved, which is predicted to be likely, companies will have a two year transition period to get into compliance. Many companies are already getting a head start on compliance now, and those that aren’t, should consider doing so.