On 4 May 2016, the new EU General Data Protection Regulation (GDPR) was published in the Official Journal. It will be adopted as law on 24 May 2016. The GDPR replaces Directive 95/46/EC and imposes a stricter compliance regime than is currently required in many EU states, supported by fines of up to €20 million or 4% of a business’ total worldwide annual turnover, whichever is higher. Companies will have a two-year grace period, until 25 May 2018, to take the steps necessary to ensure compliance.

General Data Protection Regulation