After three years of heated negotiations, the text of Europe's new General Data Protection Regulation (GDPR) was agreed on December 15th in Brussels. The final text will replace 20 years of jurisprudence and guidance under the old 1995 Data Protection Directive and heralds profound changes to the treatment of personal data in Europe over the next 20 years.
Under the revised GDPR, sanctions for failing to comply with the new requirements include fines of up to 4% of worldwide annual turnovers (i.e, worldwide income). The new rules will introduce mandatory data breach notification for all, joint and several liability for suppliers (data processors), tougher restrictions on the use of profiling and on the collection and use of children's data, enhanced rights for individuals and a requirement for most organizations to appoint a data protection officer. Plus there will be more exacting requirements for organizations to ensure privacy by design and by default and to document their compliance with the new regime.
In this webinar, Robert Brownstone, Privacy co-chair and Electronic Information Management chair of Fenwick & West LLP and Ross McKean, head of data protection at Olswang LLP, will lead a discussion considering: