Five Things to Know About the New EU General Data Protection Regulation


The European Union has finally gotten around to updating its seriously old and outdated framework privacy regime. The old EU Data Protection Directive has been around since 1995—when Clinton was president … the dude, not his wife—the lady who might be living in the White House next year. 

The new EU General Data Protection Regulation (GDPR) is designed to bring things into the digital world and comes into effect in May 2018.

But you don’t have to read all of the 261-page regulation. In a recent video segment, Bloomberg BNA Privacy & Security News Managing Editor Don Aplin points to five things you should know about the GDPR.

First, it sets up one privacy and data security law for the EU rather than separate laws in the 28 EU member states—27 if the U.K. follows through on its Brexit divorce from the bloc.

Second, the GDPR has a right-to-be-forgotten provision that allows individuals in the EU to ask search engines like Google to remove search links to stuff where privacy outweighs the public’s right to know.

Third, if a company gets busted for violating the GDPR, it may face really big fines of up to 4 percent of its worldwide revenue.

Fourth, the two-year delay until the GDPR takes effect gives companies a chance to get their privacy policies and practices into line before facing any risk of those mega-fines.

Fifth, even though the EU is moving to a regime with one major privacy law, there will still be lots of room for interpretation. So privacy and data security attorneys will definitely be busy for the foreseeable future.
