On May 13, 2016, the firm published an alert titled “General Data Protection Regulation: Key Changes and Implications.”
The European Parliament formally approved the General Data Protection Regulation (the “GDPR”) on April 14, 2016, which will come into force on May 24, 2016. There will then be a two-year transition period ending on May 25, 2018, at the end of which businesses will need to be fully compliant with the GDPR. The GDPR replaces the current EU Data Protection Directive 95/46/EC and imposes stringent obligations on data controllers as well as data processors while granting broad enforcement powers to national supervisory authorities. Businesses that do not comply with the GDPR may face fines of up to 4% of their global revenue or EUR 20 million. This alert memorandum covers some of the key changes introduced by the GDPR and suggests some practical steps businesses may want to take in order to prepare for May 25, 2018.