Welcome to the April edition of LegalBytes!

What a few busy weeks we have had in the privacy world once again! Last week alone saw the adoption of the new pan-European data protection legislation framework by the EU Parliament as well as the publication of an important opinion by the Article 29 Working Party on the Privacy Shield. At the same time the very political discussions about the seemingly insolvable conflict between data protection and national security continue following the recent horrific terror attacks in Paris and Brussels. All of these developments interlink and influence each other and make privacy compliance a true challenge.

Needless to say that our lawyers around the globe are busy analysing these developments and doing their very best to help you stay on top of these developments and understand their operational impact.

To give you a taste of what is to come:

  1. We will be launching our Global Surveillance Law Survey and Heat Maps very shortly. These will provide an overview of the surveillance practices by intelligence services in 39 countries around the world and also summarise the related requirements for businesses (such as to install intercept capabilities and provide access to data) and rights of data subjects. Watch out for that!
  2. On the Privacy Shield, our lawyers around the globe are busy analysing the most recent documents and opinions that have been issued in order to come up with manageable and sound cross-border data transfer strategies in these times of uncertainty.
  3. On the GDPR front, we are pleased to be able to offer you our Baker McKenzie GDPR Game Plan which you might already be familiar with. Please read on for the latest news on the GDPR developments and for your complimentary summary of the Baker McKenzie GDPR Game Plan.

And, of course, please contact your usual Baker McKenzie contact if you would like to discuss any of the above or other matters.

It is official: The EU General Data Protection Regulation is here to stay - Here is your GDPR Game Plan

After many years of drafting, debating, lobbying and voting at various levels, the EU Parliament officially adopted the General Data Protection Regulation (GDPR) in its plenary session on 14 April 2016. The GDPR will introduce a new data protection regime for the whole of Europe and will affect businesses of all sizes and sectors both within and outside of Europe.

The final text

The final text of the GDPR is available in all official EU languages and accessible here. Compared to the consolidated version of the GDPR text issued on 17 December 2015, the final text contains new numbering as well as linguistic changes. The GDPR now counts 173 Recitals and 99 Articles.

The latest changes to the text are of purely linguistic (rather than substantive) nature. For example, the term “individuals” has been replaced with “natural persons” and the text now consistently refers to “personal data” rather than “data”. Further, the drafting of some provisions (such as Art. 8 which requires parental consent in the case of provision of information society services directly to children) has been clarified – without changing their meaning though.

You can access an unofficial comparison of the GDPR text issued on 17 December 2015 versus the text issued on 6 April 2016 here.

Next Steps and Timeline

Now that it has been officially adopted, the final text of the GDPR will be published in the Official Journal of the EU, and the GDPR will enter into force 20 days after such publication (likely to be in May/ June 2016). However, while in force very soon, the GDPR will not start to apply until two years after coming into force (likely in May/ June 2018) to allow both the private and public sector to prepare for, and adapt to, the new rules.

While two years might sound like a long time, becoming GDPR-compliant is not something that can be achieved overnight, and we recommend that organisations start that process now (if they have not already done so).

Your GDPR Game Plan

To assist organisations get ready for the new rules under the GDPR, we have prepared the Baker McKenzie GDPR Game Plan which outlines 13 GDPR Game Changers that you need to be aware of and address and offers step-by-step guidance to become GDPR compliant. Click here for your complimentary copy of the GDPR Game Plan.

For more information on the Baker McKenzie GDPR Game Plan, please contact your usual Baker McKenzie contact.

For any questions, please contact your usual Baker McKenzie contact or one of our Global Privacy Team.

Explore More Insight