Contributed Content & Presentations
European Union Agrees on Data Protection Reform
December 16, 2015
Authored By:
Christmas came early for the European Commission, as a multi-year effort to reform the continent’s aging data protection framework was finally agreed upon with the European Parliament and Council, which will significantly change the compliance obligations for businesses across the world that process and transfer personal data on data subjects within the 28 member states of the European Union. Late on Tuesday, December 15, 2015, the European Commission issued a press release which can be read here.
The General Data Protection Regulation, which will likely become effective in early 2018, will reduce much of the red tape that companies deal with when processing personal data on EU data subjects. Reforms include establishing one single set of rules which will make it simpler and less costly for companies to do business in the EU and providing for one-stop-shop so businesses will only have to deal with one single supervisory authority.
The General Data Protection Regulation also will reduce some of the compliance burden for small and medium enterprises by eliminating notifications to supervisory authorities and exempting them from the obligation to appoint a data protection officer or perform impact assessments unless the core business is data processing or there is a high risk to the personal data processed.
With the reform though will come some major obligations, including a reinforced “right to be forgotten,” and a shortened timeframe to notify supervisory authorities and data subjects when there is a major data breach. Further, for serious violations of the new regulation, potential sanctions can reach 4 percent of a company’s global revenue.
Lastly, where the old directive generally exempted companies that processed personal data from EU data subjects but did not have a physical presence in the EU, now the new rules will apply even if personal data is processed by companies that are active in the EU market but lack a physical presence.
Companies that are processing personal data on EU data subjects should start planning for these reformed rules to determine an appropriate and measured strategy for compliance. More information about the reformed rules can be found on the European Commission website here.
If you have questions please contact:
Michael D. Stovsky | mstovsky@beneschlaw.com | 216.363.4626
Latest News
Benesch’s David Hudson Publishes Article in CityBiz on Real Estate Private Equity Structuring
Citybiz recently published an article by David Hudson, a partner in Benesch’s Real Estate Practice Group, titled “Structuring Considerations for …
Benesch’s Jonathan Todd and Robert Pleines, Jr. Publish Article in Law360 on New DOT Restrictions Impacting Nondomiciled Commercial Driver’s Licenses
Law360 recently published an article by Jonathan Todd, Vice Chair of Benesch’s Transportation & Logistics Practice Group, and Robert Pleines, Jr., Senior …
Benesch State AG Attorneys Featured in New York Law Journal on Prediction Market Uncertainty
Attorneys from Benesch’s newly launched State Attorneys General Investigations & Enforcement Practice Group, including Chair Kevin Frankel and attorneys Kristin …
Columbus Business First Features Benesch Insight on Point-Shaving and Sports Gambling
Benesch Partner Marisa Darden, Of Counsel Robert Kolansky, and Associate Bianca Smith authored an article featured in Columbus Business First examining the growing legal risks tied to sports gambling and recent point-shaving allegations.