Fundamental overhaul of EU data protection regime unveiled

A package of draft measures aimed at fundamentally overhauling and harmonising the EU’s data protection regime has been published by the European Commission. If passed in its current form, the new data protection framework will introduce enhanced rights for individuals and tough penalties for non-compliance.

Why do we need new data protection laws?

With the explosion of the internet, volumes of personal data held by organisations have increased dramatically and data now flows much more easily between organisations and jurisdictions. The EU believes that the current regime is in need of updating and that harmonising the regimes across Member States will bring greater security for individuals, greater clarity and (arguably) lower compliance costs for organisations which process personal data. To that end, it has published a draft framework of legislation which will entirely replace current European data protection laws.

Who will have to comply with the new laws?

Data controllers and data processors with legal entities in the EU will have to comply. In addition, organisations which process personal data of EU individuals in relation to the offering of goods and services or monitoring of behaviour irrespective of the location of the controller or processor, will also be subject to the new laws.

Read more - what are the key changes?

Lawyers Vinod Bange, Sally Annereau, Christopher Jeffery, Graham Hann, Glyn Morgan