The EU General Data Protection Regulation

08 June 2016

The EU data protection landscape, having remained largely unchanged since 1995, is now on the brink of a radical transformation. After extensive negotiations, the GDPR was formally adopted on 4 May 2016 and is set to replace most EU data protection legislation, including the DPA in the UK.

 

Unlike the current Directive, the GDPR will be directly applicable in all EU Member States without the need for national legislation. It will apply from 25 May 2018.

The GDPR brings new concepts into the regulatory spotlight, including profiling and the right to be forgotten. It imposes extensive new obligations on businesses and transforms the role of the Data Processor. Rights for individuals are significantly strengthened, and fines in respect of breaches rise sharply, from £500,000 under the DPA to up to €20,000,000 or 4% of annual worldwide turnover under the GDPR.

This Brochure aims to explain the main differences between the Directive/DPA and the GDPR. We have used weather-themed icons to categorise the changes, so that you can see at a glance how each may affect your business.

Please see our Glossary on page 21 for an explanation of the defined terms and abbreviations that we have used in this Brochure.

If you would like more information on the GDPR or the DPA, please contact Ian Stevens, Emma Burnett, John Armstrong or Loretta Pugh.

 
