New European-wide data law as proposed Privacy Shield is severely dented
The European Parliament has today voted to pass the General Data Protection Regulation (GDPR) into law.
The news comes as European privacy bodies rejected the proposed Privacy Shield framework that was supposed to protect citizens’ data being transferred to the US – see separate story today on ChannelBiz.
On the GDPR vote, William Long, a partner at Sidley Austin, said: “This is the end of a long road of establishing a new European Data Protection regime aimed at creating a single law on data privacy across the European Union, which will have a fundamental impact on businesses for a generation.”
He said: “There are still a number of issues where some member states have fought successfully to implement their own national law requirements, for instance in the area of health data, and this will no doubt lead to certain complexities and inconsistencies.
“However, organisations should be under no doubt that now is the time to start the process for ensuring privacy compliance with the new regulations. The penalties for non-compliance are significant – at up to 4 percent of annual worldwide gross turnover or 20 million euros, whichever is the greater.”
Companies outside Europe that offer goods and services to Europeans, such as those in the US, will also fall under the scope of the new legislation and will face the same penalties for non-compliance.