Data Protection Highlights - Looking Ahead To 2016

2015 was certainly an eventful year in privacy and data protection law. While we cannot predict what the next 12 months will bring, indications are that developments in 2016 will continue to keep organisations and privacy professionals busy. In the year ahead, there are at least three important items to look out for: new laws, a new data export mechanism and new case law.

  1. Adapting to a new EU legislative regime

    In late December, after years of development and extensive negotiations, a suite of new EU data protection laws was agreed. There are three significant new pieces of law, which are due to be formally adopted early in 2016. Organisations that deal with EU personal data will have two years from formal adoption to consider how to adapt to the new landscape and meet any new compliance challenges.

    1. The General Data Protection Regulation

      While the December 2015 deadline was seen as ambitious, the EU negotiators successfully agreed the text of the new General Data Protection Regulation (the "GDPR") in time to meet it. The GDPR is a comprehensive redrafting of EU Data Protection law. Although built upon its precursor (the current Data Protection Directive), the GDPR has been updated and modernised to reflect the changing needs and priorities in protecting privacy in an increasingly data-driven world. Some of the notable changes from the Data Protection Directive include significant new penalties (with fines up to the higher of €20 million or 4% of total annual worldwide turnover), a strengthened notion of consent, the development of a 'one stop shop' mechanism for the jurisdiction of EU regulators and increased compliance and accountability requirements on data controllers. As the GDPR is a regulation, rather than a directive, Member States will not be required to implement it in local law. This means that the GDPR will apply to all EU Member States from when it comes into force.

    2. The Network Information Security Directive

      Previously known as the Cybersecurity Directive, the Network Information Security Directive (the "NIS Directive") aims to prevent - and minimise the impact of - interruptions to essential services. Operators of such services (which extend to energy, transport, banking, financial market infrastructures, health, water and digital infrastructure providers) will be affected by the NIS Directive. Such operators will face new network and information security requirements and notification obligations. Digital service...
