You are using an older browser version. Please use a supported version for the best MSN experience.

European Parliament adopts tough new data protection rules

TechCrunch TechCrunch 14/04/2016 Natasha Lomas

The final vote on reforms to Europe’s data protection laws has just taken place in the European Parliament, with MEPs agreeing the new data protection directive — bringing to a close some four years of work to update existing legislation which dates back to 1995.

Late last year the various European institutions involved in the legislative process agreed on the text of a new General Data Protection Regulation. Today’s vote in the EU parliament was the last stage of the adoption process. The GDPR will now be transposed into the national laws of the bloc’s 28 Member States over the next two years, with the regulation set to come into force from 2018.

Key changes in the GDPR include:

  • tougher penalties for companies found to be breaching European Union data protection law, with fines of up to 4 per cent of global turnover;
  • a requirement for larger companies to appoint a data protection officer if they process sensitive data at scale;
  • a requirement for companies to disclose personal data breaches within 72 hours;
  • liability for data breaches extending to any data processors used by a data controller;
  • enshrining Europe’s so-called right to be forgotten ruling in law, and expanding its scope;
  • a right for data portability for individuals to enable them to more easily switch between services;
  • parental consent for children to use social media;
  • a one-stop-shop single supervisory authority for data protection complaints aimed at streamlining the compliance process for businesses;

Speaking in the EU parliament immediately after the vote, Jan Philipp Albrecht — the MEP who has driven the reform of the GDPR — said: “This regulation is a huge step forward for the European Union, for fundamental rights in the European Union, and it shows that we can deliver a legal framework for the digital age, and that we can deliver for democratic decisions still in the European Union which has huge value for citizens and consumers.”

It’s pretty clear the new law will also be a boon for law firms, which are already touting data protection compliance expertise, anticipating an inrush of companies concerned to avoid the risk of future fines.

More from TechCrunch

image beaconimage beaconimage beacon