On 15 December 2015, political agreement on the long-awaited new European data protection regulation was reached. The new rules are in some ways stricter than the current ones. Moreover, the rules are laid down in a so-called regulation, which means that in theory they should be the same across the European Union. Hopes are high that this European standard will make it easier for international organisations to do business across Europe. The political agreement will still need to be officially adopted by the European institutions, but this is expected to be a mere formality. The new rules will come into effect in approximately two years, allowing organisations to already adjust their data processing practices in the coming years.
We have anticipated the new regulation since the publication of its first draft in 2012 and have incorporated several important concepts in our advisory practice. This means that, even though the regulation will impose new compliance obligations, the step from compliance with current EU data protection legislation to compliance with the new regulation may be smaller than you think. For example, the rules put more emphasis on accountability and internal compliance measures, such as privacy impact assessments. We have prepared tools to meet these requirements and already apply them by default in our privacy improvement projects.
The new rules are, however, extensive and it is impossible to give an overview of all the upcoming changes in this post. In order to enable our clients to be fully prepared, we will be publishing practical analyses in the coming months, focusing on topics such as:
- Substantive changes in the rules;
- Internal accountability measures;
- International transfer of data;
- Security and data breach notification obligations; and
- Jurisdiction and enforcement.
We also plan to organise a series of workshops around these topics. If you’re interested, please let us know and we’ll keep you updated. And if you already want to know what the new rules will mean for your business, we’re more than happy to discuss this with you.