Bird & Bird's guide to the General Data Protection Regulation seeks to summarise the key changes that the new law will bring and to highlight the most important actions which organisations should take in preparing to comply with it.
The Guide was updated in May 2017 to incorporate the latest guidance published by the Article 29 Working Party in April 2017.
In publishing a new General Data Protection Regulation in January 2012, the European Commission fired the starting pistol on 4 years of debate, negotiation and lobbying the like of which the European Union (EU) has never previously seen. From this process emerged a law which will significantly overhaul Europe's cornerstone data protection legislation at a time when information systems and digital business underpin human life.
The changes ushered in by the GDPR are substantial and ambitious. At over 200 pages long the Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years, and concepts to be introduced such as the 'right to be forgotten', data portability, data breach notification and accountability (to call out only a few) will take some getting used to. Even its legal medium - a regulation not a directive - make the GDPR an unusual piece of legislation for lawyers to analyse.
For more information, please get in touch with one of our data protection experts.