After four years in the works, a new European Union (EU) data protection law, the General Data Protection Regulation (GDPR), was approved by EU Parliament in April of 2016. The new law goes into effect today.
According to the EU’s portal, the GDPR “was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
The far-reaching provisions of the GDPR include:
- Increased Territorial Scope (i.e., extra-territorial applicability)
- Stiff penalties for non-compliance
- Consent
- Data Subject Rights
- Breach Notification
- Right to Access
- Right to Be Forgotten
- Data Portability
- Privacy by Design
- Data Protection Officers
It’s hard not to wonder if—and when—the US will follow suit.
