On April 14, 2016, the European Parliament formally adopted the General Data Protection Regulation (GDPR). With this vote, the new EU data protection legal framework will become legally effective in two years and 20 days from its publication in the EU Official Journal (expected in May 2016). By May 2018, companies will have to comply with its new stringent requirements.
The GDPR will significantly impact all companies doing business in the EU, including U.S.-based enterprises that offer goods or services to (or collect or use data concerning) EU individuals. The regulation includes, among other things, stricter conditions for consent, new rights for individuals, data breach notification requirements, and massive new enforcement powers, including fines up to 4 percent of a company’s global turnover.
Click here to read our complete WSGR Alert discussing the enactment of the GDPR.