This article originally appeared in the May 2018 edition of Mobility Magazine.
The General Data Protection Regulation (GDPR) is the new regulation covering the data protection and privacy requirements for entities transferring and maintaining the data of individuals or “data subjects” in the European Union—including foreign nationals. The GDPR replaces the current EU Data Protection Directive (“the Directive”), which the data privacy laws of EU member states had been based on since 1995. The GDPR takes effect in only a few weeks—on 25 May 2018.
On 14 April 2016, the EU Parliament voted to adopt the GDPR. This provided just over two years for companies handling EU personal data to come into compliance before enforcement of the regulation and the possibility of fines come into effect.
Companies that maintain or process the data of data subjects in the EU, including transferees residing in the EU, must be in compliance with the new requirements of GDPR by 25 May 2018, or face potential fines. Companies that fail to comply with the GDPR could face fines up to 4 percent of total global gross revenue or €20 million, whichever is greater.
Next month’s Mobility Magazine Government Affairs column will delve into some of the key differences between the GDPR and the Directive, and below are some consent guideline developments excerpted from that column:
Since the adoption of the GDPR, the Article 29 Working Party has issued guidance on several topics regarding the GDPR, including on consent. Before delving into the Article 29 Working Party guidelines on GDPR Consent adopted on 29 November 2017 (the “Consent Guidelines”), it seems appropriate to look at GDPR Article 6, which requires that at least one of the following apply in order to lawfully process personal data (see Page 22 of the Consent Guidelines, Section 6):
Read the rest of this article in the May 2018 edition of Mobility Magazine.