EU Data Protection reform: where are we - and what can you do to prepare?

United Kingdom

This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.

What's going on, and what does it mean for me?

It is nearly three years since the European Commission unveiled its ambitious plans for an overhaul of the data protection regime in the form of the draft General Data Protection Regulation. As we approach the end of 2014, although various adoption target dates have come and gone, the reform has nevertheless reached a significant milestone - approval in March 2014 by the European Parliament (EP) of a significantly amended text - and the Council has reached a "partial general approach" on certain key aspects of the Regulation. The EU institutions aim to adopt the Regulation by May 2015, meaning it could take effect as soon as 2017. Even if it takes longer, it is now a question of "when" not "if". Businesses have a short window of opportunity over the next two to three years before the Regulation becomes law. There is a lot to do, and it is increasingly difficult to find good resources to support data protection compliance, given the ongoing arms race among organisations and advisors for data protection talent. The advice is simple: don't delay; the clock is ticking. You need to gear up for compliance now.

Why are we still waiting?

Based on its approach that "nothing is agreed until all is agreed", the Council still has significant work to do before the Regulation can enter its final critical phase - namely closed-door "trilogue" negotiations between all three EU institutions to hammer out a final compromise text. The new Commission President has tasked the new Commissioners who now share responsibility for the DP portfolio with steering the Regulation to adoption by May 2015. Italy, the latest Member State to hold the Council Presidency, has (like the Greek Presidency before that, and the Irish Presidency before that) declared DP reform to be a priority. If the latest target adoption date of May 2015 is met, and if the proposal remains in the form of a directly effective Regulation (instead of a Directive requiring transposition), the new rules could be in force as soon as May 2017.

The Top 12 issues - what you need to know

With so many issues in the Regulation still the subject of negotiation and, in many cases, further technical work, it is impossible to say what the wide-ranging new regime will look like in every detail when the legislators finally complete their work. What is certain, however, is that overall the new regime will be more onerous - and that the sanctions for breach will be drastic, with proposed fines of up to 100,000,000 euros or 5% of an enterprise's global annual turnover.

In this update Olswang's award-winning data protection team select the Top 12 issues in the proposed Regulation, compare these to current data protection laws, summarise the current state of negotiations and comment on the likely practical implications for business.

Please click here for a full PDF version of the guide, for a one-page bluffer's guide