Draft EU Data Protection Rules revealed



A draft of the new ‘General Data Protection Regulation’ is now circulating, ahead of its official publication date (due late January 2012).  As it stands, the regulation promises greater harmonisation but will bring a significantly harsher regime, requiring more action by organisations and with tough penalties of up to 5% of worldwide turnover for the most serious data protection breaches.

The General Data Protection Regulation is set to be accompanied by a new directive, governing use of data by public authorities for law enforcement purposes, the draft text of which is also in circulation.

Ruth Boardman, Joint Head of Bird & Bird’s International Privacy and Data Protection Group said: “The draft regulation suggests there will be a significantly harsher regime for data protection. Online industry and direct marketing are particularly singled out, but with fines of up to 5% of worldwide turnover proposed, the draft rules should be a concern to all.”

- Ends -

Notes to editors:

The draft regulation is even longer than the current directive (95/46/EC), running to 116 pages and 118 recitals.   It is likely to take at least two years to finalise and is planned to enter into force a further two years after that finalised text is published in the Official Journal. The draft which we have seen appears to be a preliminary draft, released informally and without any confirmed status.

Further details of the draft regulation and its impact can be found in our legal update.