After three years of negotiations, this week saw the European Union take the significant step of agreeing new privacy legislation – the General Data Protection Regulation – which will bring Europe’s ageing data privacy regulation up to date for the modern technological era.
Sanctions for failing to comply with the new requirements include fines of up to 4% of worldwide annual turnover. The new rules will introduce mandatory data breach notification for all; joint and several liability for suppliers (data processors); tougher restrictions on the use of profiling and the collection and use of children’s data; enhanced rights for individuals; and a requirement for most organisations to appoint a data protection officer. Plus, there will be more exacting requirements for organisations to ensure privacy by design and by default and to document their compliance with the new regime.
Unsurprisingly, this week the comments flooded in and here we bring you many of them in full.