Government Affairs

GDPR: It’s Almost Here

This article originally appeared in the May 2018 edition of Mobility Magazine.

The General Data Protection Regulation (GDPR) is the new regulation covering the data protection and privacy requirements for entities transferring and maintaining the data of individuals or “data subjects” in the European Union—including foreign nationals. The GDPR replaces the current EU Data Protection Directive (“the Directive”), which the data privacy laws of EU member states had been based on since 1995. The GDPR takes effect in only a few weeks—on 25 May 2018.

On 14 April 2016, the EU Parliament voted to adopt the GDPR. This provided just over two years for companies handling EU personal data to come into compliance before enforcement of the regulation and the possibility of fines come into effect.

What This Means for Mobility

Compliance is Crucial

Companies that maintain or process the data of data subjects in the EU, including transferees residing in the EU, must be in compliance with the new requirements of GDPR by 25 May 2018, or face potential fines. Companies that fail to comply with the GDPR could face fines up to 4 percent of total global gross revenue or €20million, whichever is greater.

Next month’s Mobility Magazine Government Affairs column will delve into some of the key differences between the GDPR and the Directive, and below are some consent guideline developments excerpted from that column:

Developments on GDPR Since Adoption: Consent Guidelines

Since the adoption of the GDPR, the Article 29 Working Party has issued guidance on several topics regarding the GDPR, including on consent. Before delving into the Article 29 Working Party guidelines on GDPR Consent adopted on 29 November 2017 (the“Consent Guidelines”), it seems appropriate to look at GDPR Article 6, which requires that at least one of the following apply in order to lawfully process personal data (see Page 22 of the Consent Guidelines, Section 6):

  • The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Read the rest of this article in this May 2018 edition of Mobility Magazine.

Advertisement