EU data protection reform to usher in far reaching changes for businesses by 2018

January 1, 2016

Following four years of negotiation, agreement has been reached between the various European Union (EU) institutions (the Commission, the Council and the EU Parliament) on reform of data protection laws to be applicable across all EU member states, applicable from 2018.  

At present, although the existing directive of 1995 requires all member states to have provisions for the protection of personal data, this is not particularly prescriptive and it was left to each state to legislate as it felt appropriate.  Consequently, data protection laws differ widely across the EU.  The new General Data Protection Regulation aims to address this and will comprise one set of laws applicable uniformly across all member states.

Key provisions of new regime

The new Regulation must now be formally ratified by the EU Parliament which is expected this month.  The key provisions of the agreed draft of which you should be aware are:

Companies based outside the EU must comply with the Regulations when offering services within the EU.

The agreed draft also contains a tighter definition of consent than is currently contained in the UK Data Protection Act 1998 (albeit that this definition was always present in the underlying directive of 1995).  This means that any consent to the processing of personal or sensitive personal data in the UK must be freely given, specific, informed and unambiguous once the new Regulations are in force.  The requirement that consent be freely given is likely to be difficult to achieve in an employment context as noted by previous guidance from the Information Commissioners Office on this topic.

Enforcement: new much tougher penalties

Enforcement will also change significantly and become a far greater business risk as under the new regime fines of up to 4% of turnover may be imposed for breaches.

What should we do now?

These far reaching changes, and the much greater business risk for non-compliance, become applicable from 2018.  Businesses should now begin to assess how they need to change their policies, systems and processes to be compliant. 

We will report further when the Regulation is available in final approved form.

Contact us

Should you require assistance in assessing how to revise your data protection policies to meet the revised rules, please contact us on +44 (0) 203 051 5711 or email us.

 

Disclaimer

Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this article. For further legal information click here.

Circular 230 disclosure

To ensure compliance with requirements imposed by the IRS and other taxing authorities, we inform you that any tax advice contained in this article (including any attachments) is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties that may be imposed on any taxpayer or (ii) promoting, marketing or recommending to another party any transaction or matter addressed herein.

Category:

CELIA Alliance
CELIA Alliance members are identified here. Members of the CELIA Alliance are each independent law firms and do not practice law jointly with any other member of the CELIA Alliance. “CELIA Alliance” and “CELIA” are not trading names. For more information about the CELIA Alliance click here.

Disclaimer
Content is for general information purposes only. The information provided is not intended to be comprehensive and it does not constitute or contain legal or other advice. If you require assistance in relation to any issue please seek specific advice relevant to your particular circumstances. In particular, no responsibility shall be accepted by the authors or by Abbiss Cadres LLP for any losses occasioned by reliance on any content appearing on or accessible from this newsletter. For further legal information click here.

Copying
If you would like to copy or otherwise reproduce this article then you may do so provided that: (1) any such copy or reproduction is for your own personal use or if it is made available to any third party it is done so on a free of charge basis; and (2) the article is reproduced in full together with the contact details, disclaimer and any logos as they appear on each article.

Leave a Reply

Your email address will not be published. Required fields are marked *