As expected, the EU Parliament’s Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation (see the summary we provided yesterday here). A LIBE press release announced the vote with the proclamation “New EU rules on data protection put the citizen back in the driving seat.” The vote was 48 for the GDPR, 4 against, and 4 abstentions. The GDPR will go to a vote of the full EU Parliament in March or April of 2016. It is expected to be passed based on LIBE’s endorsement.
Companies will have a grace period of two years to come into compliance, measured from the date that the GDPR is formally adopted and published in the Official Register. That means that the key compliance date will probably fall in March or April of 2018. Given the complexity of the 200 page Regulation and the likely need to audit and change business processes throughout organizations, we recommend starting the compliance review process immediately.