On 14th April 2016 the European Parliament finally adopted the long-awaited EU data protection regulation. The regulation is directly applicable in all Member States. It replaces the previous data protection legislation and harmonises data protection regimes across Europe. Enforcement is backed by increased fines: data controllers who breach the new rules face maximum fines of €20 million or 4% of global annual turnover. Notification by businesses of a data breach must be made to the authorities within 72 hours.
We are helping businesses now to put in place their compliance procedures in order to meet the new requirements. Our experience shows that an early start on such work is invaluable. We would be happy to discuss this with you and assist you.
We set out five of the key changes below:
- Businesses will no longer need to notify the regulatory authorities of their processing activities (as had to be done in the UK). However, records of processing activities must be kept.
- Consent from individuals to data controllers will be considered as given by way of clear affirmative action. This will establish that consent is freely given by the data subject and is specific, informed and unambiguous.
- Enhanced data rights. Individuals will have a right to know how their data is collected, processed, used and shared.
- Data subjects will be able to ask their national courts to review the decisions of data protection authorities, irrespective of where the data controller is established.
- Individuals can object to profiling and exercise their rights to data portability; for example, they can transfer their personal data from one data controller to another data controller. They also have the right to be forgotten.
The above is a general position of the law as at 14th April 2016 and does not constitute legal advice.
For further information please contact Shubha Nath on 0207 681 6073 or email firstname.lastname@example.org.