The latest enterprise risk management news from around the world

New European General Data Protection Regulation gets the green light

Organizations based and operating in the European Union have a new compliance risk to prepare for, as the European General Data Protection Regulation passes its final hurdle.

Following extensive, multi-year negotiations the European Parliament and European Council have now reached an agreement on the new General Data Protection Regulation modernising a legal framework which dates back to the 1990s (source: ENISA).

The Regulation gives national competent authorities (DPAs) greater enforcement powers, strengthening their role, as well as reinforcing the rights of individuals with regards to data protection in the digital era.

According to the European Commission the main provisions of the European General Data Protection Regulation are:

  • One continent, one law: the regulation will establish a single set of rules on data protection, valid across the EU. Companies will deal with one law, not 28.
  • Strengthened and additional rights: the right to be forgotten will be reinforced. When European citizens no longer want their data to be processed and there are no legitimate grounds for retaining it, the controller must delete the data, unless they can show that it is still needed or relevant. Citizens will also be better informed if their data is hacked as the Regulations impose a breach reporting requirement. A right to data portability will make it easier for users to transfer personal data between service providers.
  • European rules on European soil: companies based outside of Europe will have to apply the same rules when offering services in the EU.
  • More powers for independent national data protection authorities: national data protection authorities will be strengthened in order to effectively enforce the rules, and will be empowered to fine companies that violate EU data protection rules. This could lead to penalties of up to €1 million or up to 2 percent of the global annual turnover of a company.

Next steps

The European General Data Protection Regulation will now be ratified by the European Council, a step considered to be a formality. The next meeting of the European Council starts on February 18th 2016 and if ratification occurs at this meeting the Regulations are expected to come into force two years later.



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.