General Data Protection Regulation And Data Transfer Processes In SMEsDownload our report on SMEs understanding and level of awareness of their obligations under the GDPR.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU). Following four years of preparation the GDPR was approved by the EU Parliament on the 14th of April 2016. It will come into force on the 25th of May 2018 at which time organisations who do not comply will face significant fines.
The Article 29 Working Party (“WP29“) is the group representing national data protection regulators in the EU. WP29 issued new guidance on a number of key elements of the new General Data Protection Regulation (“GDPR“).
The guidance consists of three individual sets of guidelines and FAQs:
- a clarification of the role of the now mandatory Data Protection Officer (“DPO“)
- a guide to the new right to data portability
- direction on the “one stop shop” mechanism for establishing the lead data protection authority in cases of cross-border data processing.