15 April 2016

Update: European Data Protection Regulation

Update – On 14 April 2016, the European Parliament finally adopted the long-awaited new European data protection Regulation (see the press release and the adopted text). The Regulation will replace the current EU Privacy Directive and local EU data protection laws. It applies directly in all EU Member States and will significantly change current EU data protection laws. Under the Regulation the rights of individuals will be enforced, compliance burdens for organizations will be increased, the territorial scope will be broadened and the enforcement powers of data protection authorities will be expanded.

The new rules will come into effect in spring 2018. This means that organizations have two years to prepare and adjust their data processing practices. If you want to know what the new rules will mean for your organization and how you can prepare for the changes ahead, we’re more than happy to discuss this with you.

We have anticipated the new Regulation since the publication of its first draft in 2012 and have incorporated several important concepts in our advisory practice (see also our earlier post). For example, the rules put more emphasis on accountability and internal compliance measures, such as privacy impact assessments. We have prepared tools to meet these requirements and already apply them by default in our privacy improvement projects.

We will also organize a series of round tables around these topics, such as on 6 June 2016 on the subject ‘The impact of the EU Privacy Regulation on your organization’. As part thereof we will discuss the most important changes of the EU Privacy Regulation and how you can prepare for these changes.

If you’re interested joining any of our round tables, please let us know and we will send you an invite.