On the 25th May 2018, the EU will introduce a new legislation called General Data Protection Regulation (GDPR) that will replace the current structure on the handling of data. It will apply to all businesses who supply goods and/or services to EU citizens and therefore handle personal data.

In addition, the GDPR contains the following changes:

  • Enhanced documentation to be kept by data controllers.
  • Enhanced privacy notices.
  • More detailed rules regarding ‘consent’.
  • Mandatory data breach notification requirements.
  • Enhanced data subject rights.
  • New obligations on data processors.
  • Expanded territorial scope.
  • Appointment of Data Protection Officers

Many of the implications of the new GDPR will affect companies on a commercial level. However, it also has an impact on many areas from a HR/employment perspective and fines for non-compliance can go up to a maximum of €20 million or 4% of global annual turnover (whichever is greater).

If you would like more information on GDPR please email james.kiernan@chambers.ie.