General Data Protection Regulation Text Agreed

    View Authors December 2015
    Trilogue negotiations on the General Data Protection Regulation (GDPR) were completed on Tuesday 15 December 2015.

    Some Key Provisions
    • The GDPR establishes a single set of rules applying across the EU.
    • Companies based outside Europe will have to comply with those rules when offering services in the EU.
    • Fines of up to €20 million or 4% of annual worldwide turnover may be imposed for a breach.
    • A clarified right to be forgotten is introduced.
    • If relied upon, consent is required to be “unambiguous”.
    • There will be an obligation on many companies to appoint a data protection officer.