On 4 May 2016, the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union. It replaces the national sectoral data protection regulations in the 28 EU Member States. Thus, after a two-year transitional period, national regulations will no longer be valid.
The reform is intended to ensure an EU-wide unified legal framework with a high standard of data protection in the member states. For companies, the basic regulation has major implications, since it places further demands on businesses alongside the existing obligations.
Future fines could reach up to 20 million euros, or up to four percent of the total worldwide annual turnover achieved. It is advisable to familiarize yourself with the new legal requirements and make the necessary adjustments in time.
The appointed date for the new rules to be legally binding is 25 May 2018. Up to this date, companies need to have their entire data protection organization, security concepts, contracts and business processes adapted to the new legal framework.
In the transitional period, the national legislatures are required to act as well. Their task will be to adopt national rules.
Everyone interested in privacy, and everyone "concerned" in one way or another, is facing an exciting time.
Take advantage of the two-year transitional period. The verinice team is currently doing the same: When the GDPR comes into force, the relevant new rules will be implemented in verinice.