DATA PROTECTION
The European Parliament definitively adotps the data protection package reform.
The final vote on reforms to Europe’s data protection laws has just taken place in the European Parliament, with MEPs agreeing the new data protection directive — bringing to a close some four years of work to update existing legislation which dates back to 1995.
In a joint statement, EC commissioners Frans Timmermans and Věra Jourová welcomed the adoption, adding: “The new rules will ensure that the fundamental right to personal data protection is guaranteed for all. The General Data Protection Regulation will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules.”
Late last year the various European institutions involved in the legislative process agreed on the text of a new General Data Protection Regulation. Today’s vote in the EU parliament was the last stage of the adoption process. The GDPR will now be transposed into the national laws of the bloc’s 28 Member States over the next two years, with the regulation set to come into force from 2018.
Key changes in the GDPR include:
- tougher penalties for companies found to be breaching European Union data protection law, with fines of up to 4 per cent of global turnover;
- a requirement for larger companies to appoint a data protection officer if they process sensitive data at scale;
- a requirement for companies to disclose personal data breaches within 72 hours;
- liability for data breaches extending to any data processors used by a data controller;
- enshrining Europe’s so-called right to be forgotten ruling in law, and expanding its scope;
- a right for data portability for individuals to enable them to more easily switch between services;
- parental consent for children to use social media;
- a one-stop-shop single supervisory authority for data protection complaints aimed at streamlining the compliance process for businesses;
