The General Data Protection Regulation (GDPR) was finally approved by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the EU Official Journal and its provisions will be directly applicable in all member states 2 years after this date. The GDPR, which will replace the current 1995 Data Protection Directive, is designed to give citizens more control of their personal data and includes provisions on; clear and “affirmative” consent, a right to be forgotten, a right to transfer data to another service provider, the right to know when your data has been hacked and stronger enforcement and fines of up to the higher of Euro 20million or 4% of a firm’s total worldwide annual turnover.

The approved data protection package also includes a new directive on data transfers for policing and judicial purposes which member states will have to transpose into national law within two years.

Press Release