General Data Protection Regulation (GDPR)

The European Parliament ratified the General Data Protection Regulation (GDPR) on 14 April 2016, and as of 25 May 2018 organisations are required to be in full compliance with the GDPR. This legislation has been the most impactful change in privacy and data protection regulation of the last decade, and it affects organisations worldwide. The GDPR necessitates fundamental changes to the way organisations approach data protection. Privacy risks need to be structurally mitigated by implementing core principles such as lawfulness, fairness and transparency of data processing. Each organisation is required to keep detailed documentation in order to demonstrate accountability to the privacy authority.

Timeline (from the page's infographic):
1. Implementation / enforcement 01/2012 - 12/2015
2. Discussion / consultation 12/2015 - 05/2016
3. Implementation / enforcement 05/2016 - 05/2018
4. In effect 05/2018 - (current phase)

STATUS
Applicable since 25 May 2018

Before the GDPR came into effect, the enforcement powers of data protection regulators were limited. With the GDPR this has fundamentally changed: it introduced fines that may amount to 4% of global annual turnover. Furthermore, because of the requirement to implement Privacy by Design and Privacy by Default, organisations have to build data protection considerations into the core of their business activities. In addition, the geographic scope of this legislation reaches all organisations that offer goods or services to EU citizens and all organisations that monitor the (online) behaviour of EU citizens.

Further information:
KPMG: Data Privacy

Author: Chantal Rademaker de Ridder, Partner
Categories: Privacy & Security