The European Parliament's Civil Liberties, Justice and Home Affairs [LIBE] Committee has voted resoundingly in favour of the a new General Data Protection Regulation (GDPR).
Due to come in to force in early 2018, the GDPR is the most significant development in data protection law in 20 years.
The GDPR is designed to help empower consumers; businesses, as data guardians, will need to be prepared to act on the changes.
- Data breach notification will become mandatory meaning that serious data breaches will no longer be able to be swept under the carpet.
- Data portability: for consumers who want to move their data between services, requiring businesses to put in place provisions for users to transfer their data between service providers.
- Provisions for European Union member states to set age limits between 13 and 16 years old, below which companies would be banned from handling data without parental consent, anticipated to impact on social media and online services.
- The GDPR may encourage businesses looking to enter the EU market come to the UK as the new rules mean that multinationals will be answerable to only one data protection, based on where they have their ‘main establishment’. The ICO as a pragmatic and commercially minded regulator may therefore make the UK a prime choice for data rich businesses.
- Individuals will have the right to receive compensation if they have suffered material or immaterial damage as a result of companies breaching the GDPR.
Please click here to view the LIBE release.