The European Parliament gave its formal approval on Thursday to the proposed text of the General Data Protection Regulation (“GDPR”).

The GDPR will replace the existing EU directive and contains several significant changes for businesses that control and process the personal data of EU residents.

Our previous briefing on these changes (Seeing the wood for the trees) discusses the key provisions of the GDPR, its likely impacts and the steps that businesses can take now to prepare for its implementation.

The regulation will enter into force 20 days after its publication in the EU Official Journal. The start of the ‘twenty day clock’ is, however, subject to a period of technical checks and formal approvals which could still take several months and last minute changes are not unheard of. Member states will then have two years to transpose the regulation’s provisions into national law.