New EU Data Protection Regulation: Compliance in an Evolving Privacy Landscape
The General Data Protection Regulation (the Regulation) is now in an agreed form pending formal ratification by the EU. While implementation of the Regulation is still over two years away, the road to compliance is likely to be a long one for many organizations. The Regulation represents a significant strengthening of European data protection legislation, both in terms of obligations imposed on organizations and in terms of the rights granted to individuals. It will replace the Data Protection Act 1998 in the UK, which has been in force for over 15 years. With fines under the Regulation capped at a staggering 20 million euros for a single breach, it is worth considering whether you are currently satisfied with your organization's level of compliance. If not, urgent action is required if your organization is to be ready for the much more demanding obligations which will be imposed under the Regulation.