New General Data Protection Regulation (GDPR) Replaces EU Data Directive. In January 2012, the European Commission first announced proposed revisions to the EU Data Directive. Following years of negotiations, the European Parliament and Council on December 17, 2015 announced that agreement had been reached on the text of a brand-new General Data Protection Regulation (GDPR). This draft document (over 200 pages) followed years of intense lobbying and represents a landmark moment in data protection and privacy both in Europe and around the world. It retains and strengthens many of the core principles of the EU Data Directive. The final version was approved by the EU Parliament on April 14, 2016.

Effective Date. The GDPR went into effect two years after approval. Enforcement of the GDPR began on May 25, 2018.

Highlights of GDPR. Some of the major provisions of the GDPR include:

Expansion of Scope. The GDPR applies to many more businesses than the EU Data Directive, including any controller or processor of EU citizen data, regardless of where the controller or processor is located. New obligations are imposed on data processors and on controllers, who are required to impose contractual obligations on their data processors.

Data Breach Notification. Notification to a privacy regulator of a data breach may be required within 72 hours of discovery of the breach.

Fines for Noncompliance and Right to Sue. Violations of certain provisions, such as consent requirements or cross-border data transfer restrictions, can trigger fines up to the greater of 20,000,000 EUR or four percent of a company’s annual revenue. Individuals are also allowed the right to sue and obtain compensation from a noncompliant controller or processor.