EU Data Protection Regulation: A Concise Primer for In-House Counsels on Key Changes in the Regulatory Regime
Abstract
After years of discussions, wrangling, lobbying and politicking, the EU General Data Protection Regulation (“EU GDPR”) was finalized in the spring of 2016 by EU institutions, which means that it will go into effect in the spring of 2018, radically transforming the data protection regulatory landscape in EU and perhaps, around the world. While the final text of EU GDPR is significantly better for organizations than the initial draft proposed by the EU Commission in 2012, it is still the most stringent and expansive piece of data protection regulation around the world, with the potential of very stiff penalties for non-compliance. In this paper, we will review the key aspects of the EU GDPR from a general counsel perspective to provide a bird’s eye view of key features of the EU GDPR and key areas of the EU GDPR which may bring about significant change for legal and compliance departments.