At its plenary session today, the European Parliament approved the European Council’s position at first reading, finally completing the legislative process for the General Data Protection Regulation (GDPR).
MEP Jan Philipp Albrecht, the European Parliament’s chief negotiator for the GDPR, said: “The general data protection regulation makes a high, uniform level of data protection throughout the EU a reality. This is a great success for the European Parliament and a fierce European ‘yes’ to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share.”
He added: “The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition.”
First proposed in 2012 by the European Commission, the GDPR will unify data protection across the EU. The final draft of the Regulation was agreed last December.
The Regulation will come into effect two years and 20 days after adoption, superseding national data protection laws such as the UK’s Data Protection Act 1998 (DPA).
This means that all UK companies have until May 2018 to comply with the new law, or potentially face fines of up to 4% of annual turnover or €20 million.
EU GDPR audit
Organisations should have a clear idea of the personal information they hold, including where it originated from and who it can be shared with. An information audit is a key part of a data protection compliance regime. Contact IT Governance now for assistance with your EU GDPR audit >>
Alternatively, call +44 (0)845 070 1750 today.