It has been over four years in the making but the EU Parliament and Council have finally approved the General Data Protection Regulation (GDPR) after the EU Council of Ministers approved the final text last week.
The compromise agreement reached just before Christmas has remained intact, having been agreed by both the EU Council of Ministers and Parliament. Today’s decision means that the GDPR text will not be amended further and is now in its final state.
A two-year implementation process will begin once the Official Journal of the EU publishes the regulation – the final step to complete before the regulation becomes EU law. Whether it is published before the 23rd June EU Referendum in the UK, we'll wait and see.
The real work for European organisations will now begin. The task of picking over the legislation and interpreting what its real impact will be is now underway.
The ICO, which has been heavily involved in consultation and has done a great job in the last 3 years, will publish its guidance.
10 Things that you need to know before ICO guidance comes:
- It’s a regulation, not a directive, so it passes straight into law in all 26 EU countries
- Data processors will be responsible for data protection
- The regulation has global ramifications (the 23rd June vote will not impact the UK)
- Users will be able to make compensation claims
- There are tighter rules on transferring data on EU citizens outside the EU
- Harmonised user request rights
- New right to be forgotten
- It’s the data controller’s responsibility to inform users of their rights
- Tougher sanctions: €100m or 5% of global turnover
- Encryption and tokenisation can come to your rescue
The principles of the new Directive are good for customers and good for all of us 450m EU citizens. My data is my data, and organisations need to treat it thus:
- Transparency of use to individuals
- Data use for specified EXPLICIT and LEGITIMATE purposes only
Overall, this is good for customers and good for responsible organisations, and with 2 years before the directive becomes law there is time to prepare ourselves and use this as an opportunity to build consumers’ TRUST in an organisation.
Look out for future blogs explaining the detail and how to prepare using ICO guidance.