CONTACT US 0845 345 5004
legal50016law awards winner badge20152016 scott co dispute resolution award winning law firm
legal50016law awards winner badge20152016 scott co dispute resolution award winning law firm
  • Being Awesome
  • Connecting people
  • Doing the right thing
  • Driving excellence
  • Making it happen

Contact us mobile

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Posted on Dec 22, 2015 by Dr. Julie Nixon  | 0 Comments

On the 15th December the European Commission struck an agreement with the European Parliament and the European Council over EU Data Protection reform. The aim of the new European General Data Protection Regulation (GDPR) is to harmonise the current data protection laws in place across the EU member states. Because the new law is a “regulation” instead of a “directive” means it will be directly applicable to all EU member states without a need for national implementing legislation. Enforcement of the new regulation is expected to start in 2018. Here I outline some of the key changes proposed so far that organisations should be aware of.

New Rules for Obtaining Consent to Process Data

The EU Parliament has proposed that consent for processing of personal data must be “purpose limited”, i.e. consent must be obtained for one or more specific purposes. The EU parliament's chief negotiator Jan Philipp Albrecht said, "companies will not be allowed to divulge information that they have received for a particular purpose without the permission of the person concerned. Consumers will have to give their explicit consent to the use of their data." The burden of demonstrating that the legal standard of “consent” has been achieved will lie with organisations, so businesses should review whether its documents and forms of consent are adequate and check that consents are freely given and specific.

Reporting Security Breaches

The draft Regulation proposes that Companies will have to report breaches that are likely to harm individuals to national authorities (the ICO in the UK) within 72 hours. A security breach report is likely to have to include the facts surrounding the issue, the effects of the violation and the subsequent actions taken.

Right to be Forgotten

In May 2014 the European Court of Justice ruled that search engines such as Google were data processors and that citizens had the right to ask that content referring to them be “forgotten”. It is thought that the GDPR will define a more limited right to be forgotten. Exactly what this will mean is still unclear and could depend on future rulings.

High Fines For Companies Who Breach the Regulation

Given that the GDPR will enable EU national authorities to levy fines of up to 4 percent of revenues on firms breaking the law, it would be prudent for organisations to analyse the legal basis on which they collect and use personal data. By contrast to the existing Data Protection Directive, the proposed regulation now imposes some direct obligations on processors. Data processing procedures should be monitored and reviewed with an aim to minimise data processing and retention of data. 

However the new proposed regulation could be attractive for multi-national businesses. The GDPR reduces 28 sets of different data protection laws to a single regulation, reducing compliance costs, complexity, risk and uncertainty over reporting for organisations who operate throughout the EU.

Contact MBM: An Award Winning Legal Firm

For further clarification of the new European General Data Protection Regulation (GDPR), or if you have any queries on data protection, please contact us today.

“So why do I like working with these guys? It's three things really. They share the entrepreneurial 'can do' spirit of their clients and so are fun to work with; they deliver the goods – on time and on budget; their transaction judgement is sound and entirely practical.”

VIEW ALL OUR TESTIMONIALS

Contact us

Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input
Invalid Input

Latest tweets

If you are embarking on a new venture, our lawyers can help you: ow.ly/k0OD305pj2X

Read more

For #legal advice on #professional #negligence, contact us today ow.ly/Tbyq305pj3a

Read more

SEED investment

Download free SEED investment documents

At MBM, we’ve led the market for years in the world of early-stage investment deals when it comes to acting on behalf of both founders and investors.

Find out more