On 27 April 2016, the European Council and Parliament finally adopted a new data protection law: the General Data Protection Regulation (GDPR). The following is a summary of key issues and a checklist of initial tasks to help you prepare for the new regulation.

When Will the GDPR Take Effect?

It will apply directly in all EU Member States from 25 May 2018. It will repeal and replace Directive 95/46/EC and its Member State implementing legislation.

Expanded Territorial Scope

The GDPR rules (like the Directive) will apply to both controllers and processors in the EU.

The GDPR will also apply to data controllers and processors outside the EU whose processing activities relate to:

  • The offering of goods or services to EU residents (even if for free)
  • The monitoring of EU residents

Consequence of Non-Compliance

The maximum fines for a violation of the GDPR are substantial. Regulators can impose fines of up to 4% of total annual worldwide turnover or €20,000,000.

Questions to Ask

To prepare for the new GDPR, an important first step will be to assess personal data risks and identify compliance gaps:

  • What is the definition of Personal Data under GDPR?
  • Where is such Personal Data stored across the organisation?
  • Where is it transferred from and to (including third parties)?
  • How is it secured throughout its lifecycle?
  • What policies and procedures need to be revised or created to achieve compliance with the GDPR?

Key Changes Proposed by the EU GDPR

The GDPR is part of a more general European cybersecurity and digital market framework. It aims to harmonise the differing data protection laws in force across the EU. With its enhanced enforcement regimes and a greater emphasis on rights of individuals and accountability, the GDPR presents ambitious and comprehensive changes to data protection rules.

Take Action to Prepare

Organisations have a two-year window to conduct risk assessments and prepare for the GDPR. Our checklist outlines key initial tasks to begin assessing compliance gaps.
