On 25 January 2012, the European Commission published a proposal for a Data Protection Regulation (the “Proposed Regulation”) that is intended to replace the current regulatory framework in Europe. If adopted, the Proposed Regulation will introduce major changes that will affect not only businesses based in the EU but also organisations headquartered in the US and other countries that trade with Europe. The penalties for non-compliance, of up to 2% of global turnover, will give data protection and privacy compliance board-level prominence.
The stated aim of the Proposed Regulation is to bring the existing law, which is nearly two decades old, into line with modern business practice and a global economy. In practical terms, the Proposed Regulation could have a significant effect on the evolution of Internet-based businesses and the way in which virtually all companies with European employees, customers or suppliers organise themselves and conduct business.
The Squire Sanders publication “ in European Data Protection Law” provides a summary of key changes and next steps.