European Parliament adopts Data Protection Regulation: Enters into force by July

The European Parliament’s plenary session this afternoon adopted the EU Data Protection Regulation. It is expected that it will enter into force by July, 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all Member States two years after this date.

"The general data protection regulation makes a high, uniform level of data protection throughout the EU a reality. This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share", said Jan Philipp Albrecht (Greens, DE), who steered the legislation through Parliament.

"The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition", he added.

The new rules include provisions on:

  • a right to be forgotten,
  • "clear and affirmative consent" to the processing of private data by the person concerned,
  • a right to transfer your data to another service provider,
  • the right to know when your data has been hacked,
  • ensuring that privacy policies are explained in clear and understandable language, and
  • stronger enforcement and fines up to 4% of firms' total worldwide annual turnover, as a deterrent to breaking the rules.

The EU Data Protection Regulation will continue to be monitored by PL&B Reports and covered by several speakers at Great Expectations, Privacy Laws & Business’s 29th Annual Conference, 4-6 July at St. John’s College, Cambridge.