2 mins read

GDPR: EU Data Protection Regulation Comes into Force

New European Union rules on data protection have now come into effect.

The General Data Protection Regulation (GDPR) gives EU citizens more rights over how their personal information is used.

Companies working in the EU must now get express consent to collect personal information, or face significant fines. The Regulation is an effort by EU lawmakers to limit the scale of tech companies’ powers and ensure data privacy for its citizens.

Lawmakers in Brussels finally passed the new legislation in April 2016, in advance of the May 25th enforcement date, and the full text of the regulation has since been published online.

In the UK, which is due to leave the EU in 2019, a new Data Protection Act received Royal Assent this week and will incorporate the provisions of the GDPR, with some minor changes.

A government statement said the new law would make the UK’s data protection laws fit for the digital age – Elizabeth Denham, the Information Commissioner, welcomed the new law in a blog post on the ICO website, saying her office was eager to embrace the changes it would bring and that it would give the UK one of the world’s more progressive data protection regimes.

The new chair of the European Data Protection Board Andrea Jelinek told the FT they expect cases to be filed “imminently”.

“If the complainants come, we will be ready,” she said.

Ireland’s data regulator Helen Dixon also spoke to the newspaper, saying the country is ready to use “the full toolkit” against non-compliant companies. Publishers will note that both Facebook and Twitter have their EU headquarters in Ireland.

Further reading:

What’s New in Publishing: GDPR: The ultimate resource guide for publishers

What’s New in Publishing: GDPR – a checklist for publishers

What’s New in Publishing: What GDPR means for publishers privacy policies