On Monday 11 April, we reported that the Council of the European Union had adopted its position at first reading on the GDPR. On 14 April 2016, the European Parliament took the final step in the legislative process, by formally adopting the latest version of the GDPR. This, according to the announcement made by the European Commission yesterday, “marks a significant achievement, and the culmination of over four years of hard work with the European Parliament, the Council, business, civil society and other stakeholders”.
The text still needs to be formally adopted by the Council a second time, although this is expected to be a formality. The final text will then be translated into the official languages of the European Union and published in the Official Journal of the European Union. The GDPR will enter into force 20 days after its publication, and will be directly applicable in all EU Member States two years later.
We have previously commented on the version of the GDPR which was agreed on 15 December 2015. In preparation for the second reading of the European Parliament, the Council published a new version, dated 6 April 2016.
No substantive changes have been made in that new version. The text has been subjected to a thorough proofread, which has clarified any potentially unclear wording and fixed the much-complained-about numbering issues.
Further updates to come…
Even though the finish line has (finally) been reached from a political point of view, the real task ahead will be the actual implementation of the GDPR by all stakeholders involved. In this respect, we will continue to update you in the weeks and months to come with any guidelines and opinions that are issued by the Article 29 Working Party, the national Data Protection Authorities or the Commission on this topic.
If you want to find out more about the GDPR, please get in touch with one of our experts.