EU Data Protection Reform has been under discussion since 2012 with the intention to “make Europe fit for the digital age”. This week the European Commission, European Parliament and the Council of the European Union have reached agreement on the final wording of the General Data Protection Regulation. The draft Regulation is now widely expected to be formally approved in the new year.
The European Commission has said that the Regulation will enable individuals to better control their personal data, as well as modernising and unifying rules to allow businesses to make the most of the opportunities of the Digital Single Market by cutting red tape and benefiting from reinforced consumer trust.
The Regulation will not need national implementation, and will come into force automatically two years after it is formally adopted, which looks like it will be early 2018. The Regulation will provide a uniform set of rules across all Member States, and multi-nationals will be able to deal with one regulator in the EU. However, we await the final text of the Regulation to see how much scope there will be for local variation in Member States.
The Data Protection Directive for the police and criminal justice sector has also been agreed. It is intended to ensure that the data of victims, witnesses, and suspects of crimes, are duly protected in the context of a criminal investigation or a law enforcement action. At the same time, more harmonised laws will also facilitate cross-border co-operation of police or prosecutors to combat crime and terrorism more effectively across Europe.
2016 looks set to be a big year in the world of data protection, and we will be reporting of the detail of those changes and how to best prepare for the new regime in the coming months