Revised Data Protection Law – The Sword of Damocles for Businesses?

On May 4th, 2016 the General Data Protection Regulation (“GDPR“,  (EU) 2016/679) was published in the EU Official Journal. Although it will only come into force on May 25th, 2018 after a 2 year transition period, businesses should already start to get prepared and implement the specifications. Otherwise they risk severe penalties of up to € 20 million or 4 % of annual turnover.

The present Data Protection Directive (95/46/EC) dates back to the “stone age” of data protection, i.e. to 1995, a time where cloud computing and companies like Facebook, Google, WhatsApp, YouTube and Instagram didn’t exist. Consequently data protection jurisdiction has to be updated and modernised.  The new GDPR  also aims to provide a higher degree of harmonisation of data protection law within the EU. The presently valid regulation of 1995 is implemented differently in the various EU countries, with the result that the level of data protection varies greatly.

In a contribution for “Wirtschaft Tirol”, the Tyrol Chamber of Commerce journal, lawyer Dr. Georg Huber, LL.M explains which rights people will have according to the GDPR and which obligations companies will face. The GDPR places a lot of demands on businesses. Even if it is not going to come into force until May 2018, it is absolutely essential to focus on it now and get prepared.

The article in the “Tiroler Wirtschaft ” of  26.01.2017: Datenschutz neu – Damoklesschwert