General Data Protection Regulation (GDPR) Guide
Clifford Chance produces guidance
07 July 2017
The EU General Data Protection Regulation (GDPR) was passed in 2016 and will become law on 25 May 2018. It represents the biggest change in EU data privacy law in a generation and is likely to form a model for new data privacy rules in other jurisdictions.
The GDPR preserves and builds on the principles of the current EU regime, which was designed for a pre-digital age. It seeks to achieve greater legal consistency across the EU and the wider European Economic Area (EEA), and at the same time introduces a raft of new aggressive and intrusive rules. In particular, there are very serious sanctions for breach, including fines which can go as high as 4% of the global turnover of a group of companies.
The new law places protection of the privacy rights of the individual at its centre and, in the process, runs contrary to many business models that assume that data can flow freely and be used without restriction.
Adjustment to the new regime will require radical changes in approach for most businesses. Make no mistake, if companies do not prepare, they will be exposed to an unprecedented regulatory risk. The value of one of the most important assets a business holds – data – could be severely diminished without careful planning.
We have prepared a guide identifying the key changes being introduced by the GDPR and summarising the practical steps that need to be taken to effectively build the GDPR into your compliance culture.
Please contact Emily Read-Shaw if you would like a copy of our GDPR guide.