After long years of negotiations, on 14 April 2016 the EU Parliament approved the general data protection regulation (“Regulation”), which – compared to the current rules – means changes both for private persons and companies.
The Regulation shall replace the current EU Directive, being implemented by the member states in certain cases quite different ways, and a new, consolidated regime shall be directly implemented by the member states.
The Regulation will enter into force after two years from its approval, however, due to the significant changes included therein, it is advisable for companies to start reviewing their internal rules and prepare for their potential amendments. The infringement of the new rules may be subject to a fine of up to 20.000.000 EUR, or in case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year (whichever is higher).
