Jenner & Block

Update on the EU General Data Protection Regulation: Countdown to Implementation

Nearly two years ago, on May 24, 2016, the European Union (EU) adopted a new law—the General Data Protection Regulation (GDPR or Regulation)—to replace the Data Protection Directive, which has governed data protection in the EU since 1995. While the GDPR resembles the Data Protection Directive, it has some important differences. These include new rights for data subjects, such as the right to data portability and the right to erasure (“right to be forgotten”) in certain circumstances; new data breach notification requirements, including a requirement to notify the relevant Data Protection Authority within 72 hours of discovery of the breach (unless exceptions apply); and much stricter penalties and fines for non-compliance.

Read more.