On Thursday, April 14, 2016, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (the GDPR). During the plenary session Jan Philipp Albrecht, rapporteur of the European Parliament for the GDPR, welcomed the adoption following what he described as years of “democratic debate and legislative process.” Albrecht further described the adoption as “a huge step forward towards creating a single legal environment for the digital world of tomorrow.” Today’s parliamentary vote completes the legislative process for adoption of the GDPR. The final step will be for the GDPR to be published in the Official Journal of the EU which will likely take place in May 2016. Companies and regulators will then have two years from the date of publication in which to implement the requirements under the GDPR. Businesses should now seriously consider the impact of the GDPR and start planning for implementation.
The past several days, the GDPR (the EU General Data Protection Regulation) took two significant steps towards adoption. On Friday, April 8, 2016, the European Council adopted the GDPR at first reading. Then today, Tuesday, April 12, 2016, the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (the LIBE Committee) approved the GDPR by a 54-3 vote with one abstention. The European Parliament is due to vote on the GDPR in a second reading at a plenary session this coming Thursday. That will complete the legislative process for adoption of the GDPR. The final step will be for the GDPR to be published in the Official Journal of the EU which will likely take place in May 2016. After publication, the GDPR will apply two years after the date of publication, allowing companies and regulators a grace period to prepare. The interpretation of the GDPR will be shaped by guidance from the new European Data Protection Board.
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.
As the legislative journey for the General Data Protection Regulation (“GDPR”) nears its conclusion, last week (Nov. 27,2015) saw the publication of a further compromise text which left the door open for additional “trilogue” discussions on the much-debated subjects of administrative fines, data protection officers (“DPOs”), and data breaches, as well as details of other provisions.