EU Privacy Laws Reformed - New General Data Protection Regulation - a First Look

After three years of heated negotiations, the text of Europe's new General Data Protection Regulation (GDPR) was agreed on December 15th in Brussels. The final text will replace 20 years of jurisprudence and guidance under the old 1995 Data Protection Directive and heralds profound changes to the treatment of personal data in Europe over the next 20 years.

Under the revised GDPR, sanctions for failing to comply with the new requirements include fines of up to 4% of worldwide annual turnovers (i.e, worldwide income). The new rules will introduce mandatory data breach notification for all, joint and several liability for suppliers (data processors), tougher restrictions on the use of profiling and on the collection and use of children's data, enhanced rights for individuals and a requirement for most organizations to appoint a data protection officer. Plus there will be more exacting requirements for organizations to ensure privacy by design and by defa​ult and to document their compliance with the new regime.

In this webinar, Robert Brownstone, Privacy co-chair and Electronic Information Management chair of Fenwick & West LLP and Ross McKean, head of data protection at Olswang LLP, will lead a discussion considering:

  • The timeline for implementation
  • When and where will GDPR apply, and which regulator(s) will be able to enforce it?
  • New rules for service providers
  • An overview of enhanced data subject rights
  • Data breach notification – the new rules and lessons learned from US experience