I vividly remember the last time I sat down during the working day to watch TV – it was 11th September 2001 and I sat spellbound in the East Stand of Leeds United Football Club where I was head of the commercial department watching the terrible events unfold on Sky News.
Yesterday I spent an hour on the live video stream of the European Parliament watching the process of the General Data Protection Regulation passing into law. For those of us who are DP practitioners it was a monumental day and I was grateful to the video service for allowing me to feel part of it.
The noon press briefing began, “Good afternoon. Welcome to our mid-day press briefing on Thursday 14th April.”
There were a few announcements and then – BAM!
“I would also like to welcome the final adoption by the European Parliament of what is a very important piece of legislation put forward by the European Commission: the data protection reform package. This reform package includes a general data protection regulation which will empower citizens to regain control over their personal data and enable companies to make the most of the digital single market. The package also includes a data protection directive for police and criminal justice authorities which will allow for a smooth exchange of information between Member States’ police and judicial authorities.”
I watched the highlights of the debate about the GDPR and listened intently to Jan Philipp Albrecht once the regulation had been voted through.
“Dear Colleagues. Just two sentences. I think that this adoption of the European Data Protection Regulation is a huge step forward for the European Union for fundamental rights in the European Union and it shows that we can deliver for a legal framework for the digital age and that we can deliver for democratic decisions still in the European Union which has a huge value for citizens and consumers.”
Source EbS Live http://ebstv.tv/website/live.php
So what happens next? European Law is published in the Official Journal of the European Union: the “OJ” and available at the EUR-Lex website (http://eur-lex.europa.eu/oj/direct-access.html). Once the Regulation is published in the OJ which is anticipated sometime before July then it enters into force 20 days later replacing the national laws across the 28 Member States including the UK’s 1998 Data Protection Act. The Regulation states that it shall apply two years from the date of publication in the OJ.
So, there you have it. We’ve got a matter of months to assess where we are, what we’ve got to do and put change in place to be ready for the enforcement of the new Regulation in mid 2016. And the colossal fines of up to €20,000,000 or 4% of annual global turnover should be incentive enough to get motoring with it!
And just to remind everyone – the Regulation is no incremental change from the current regime for us in the UK – it is no less than a paradigm shift in the way that organisations must handle data.
Please get in touch if you have any questions about GDPR or data protection and privacy in general.
Philip Brining 14th April 2016