On 6 April 2016, the EU agreed a major reform of its data protection framework and adopted the General Data Protection Regulation (GDPR). As the new EU-wide data protection instrument, GDPR seeks to guarantee the free flow of personal data between EU Member States and to reinforce the trust and security of consumers, as Digital Single Market (DSM) fundamentals.
GDPR seeks to enable higher levels of data security, empower market participants, boost competition and modernise administration and public services. Its successful application requires co-operation among all involved in data protection.
Since the adoption of GDPR in May 2016, the Commission has actively engaged with stakeholders to ensure that the importance and scale of the changes introduced by the Regulation are properly communicated. It has dedicated EUR 1.7 million to fund data protection authorities and support awareness training, with a further EUR 2 million available to national authorities for direct business support.
Issued ahead of the GDPR implementation deadline, this Guidance:
With preparations progressing at variable speed across EU Member States, the Guidance outlines action required by the Commission, national data protection authorities and national administrations towards a successful completion of preparations.
The Commission expects that the new data protection framework will have a wide-ranging impact and observes that significant adjustments will still be required in some respects. Member States are encouraged to speed up the adoption of national legislation in alignment with the GDPR provisions, and notes that national authorities should be suitably funded and staffed in order `to guarantee their independence and efficiency'.
The Guidance calls on all actors concerned to intensify efforts towards ensuring the consistent application and interpretation of the new rules across the EU.
A successful preparation should include the following actions:
The Commission will continue to actively support all actors ahead of GDPR entering into force on 25 May 2018. Thereafter, it will monitor Member State compliance and continue with multi-stakeholder group engagement, reviewing stakeholder experience in May 2019 and producing an evaluation report expected to be published by May 2020.
Clients should be aware of the Commission's drive for adequate preparedness for the introduction of uniform data treatment rules that strengthen the protection of individual rights and carry significant enforcement powers. EU data economy advances offer opportunities and benefits for businesses leveraging their competitive advantage and embracing innovation.
KPMG member firms have expertise and experience in helping clients prepare for the new requirements. Click here (PDF 1.14 MB) to find our more.