News

GDPR gets a deadline: 25 May 2018

EU data protection rules will be enforced in two years' time

5 May 2016

A map of Europe with nodes to represent data hotspots

Shutterstock

The EU's General Data Protection Regulation (GDPR) rules will become law from 25 May 2018, following the publication of the document's final draft.

Companies now have 24 months to implement the guidelines outlined in the document, including who is accountable for security and how data flows between EU countries and those outside the zone.

It is also asking companies to set up a breach notification process, so if data is stolen, the details will be provided to authorities in a timely manner so the consequences can be examined and relevant parties notified quickly.

The EU aims to enforce GDPR, so is giving businesses two years to change their practices.

Those developments require a strong and more coherent data protection framework in the union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market.

To help companies become compliant in time for GDPR's roll-out, law firm Hogan Lovells has released a guide titled Future Proofing Privacy, authored by 24 of the company's employees from 10 offices around the region, giving tips to businesses who are currently compliant.

"At stake are not only the consequences of non-compliance, but also the ability to take advantage of new technologies, data analytics and the immense value of personal information," the guide said.

"From determining when European law applies to devising a workable cooperation strategy with national regulators, there are many intricate novelties to understand and address."

The GDPR guidelines were agreed by members of the EU back in January, but it has taken three months to publish them and circulate them publicly.