After four years of discussions, an agreement has been reached between the EU Parliament, European Commission and EU Council for the formation of a new EU data protection framework, heralding a new harmonised future for data protection law in Europe.
This framework comes in the form of a Regulation called the General Data Protection Regulation (GDPR). The formal adoption of the GDPR is expected in early 2016, but it will not take effect for a further two years. Whilst this still seems to be on the distant horizon for many, prudent organisations are already beginning to implement changes to ensure compliance.
Until now, many have assumed that data breaches and cyber-attacks have been relatively infrequent in Europe, especially when compared to our counterparts in the US. However, current regulations do not require companies to notify either their Data Protection Authority or the affected data subjects, so how would we know how prevalent these incidents are?
Companies will no longer be able to hide breaches under the new regulations. With the widening of the territorial scope of the GDPR, the effects will be felt not just by EU-domiciled companies but by companies worldwide. The need for adequate risk management, security systems and insurance has never been more pertinent.