Short Reads

General Data Protection Regulation comes into effect

General Data Protection Regulation comes into effect

General Data Protection Regulation comes into effect

07.08.2018 NL law

On 25 May 2018, the European Union's General Data Protection Regulation (GDPR) came into effect. The GDPR replaces the EU's prior directive governing the processing and transfer of personal data, which was in place since 1995. As a regulation, the GDPR is directly applicable in all 28 EU member states and thus removes the need for national implementing legislation. However, the GDPR allows member states discretion in certain areas, as a result of which national legislation may still be implemented. In the Netherlands, the GDPR Implementation Act came into effect on 25 May 2018.

The GDPR intends to harmonise rules regarding the protection of personal data and the promotion of free movement of such personal data within the EU. It provides a set of standardised data protection laws across all EU member states. The GDPR affects both natural persons and companies. As regards natural persons, their existing privacy rights have been strengthened and new and improved rights have been introduced. In addition, natural persons have been given greater control over their own personal data.

As regards companies, the GDPR applies to both EU companies and non-EU companies that (i) process personal data in relation to the offering of goods or services to EU data subjects or (ii) monitor the behaviour of data subjects occurring within the EU. Even if a company only processes data on behalf of somebody else, it is still subject to the GDPR. The GDPR expressly addresses the role and responsibility of data processors, in other words those entities that process personal data on behalf of another entity that controls the data and the purpose for which the data are being processed (i.e. data controllers). For example, a hosting provider is a data processor for the company owning the website and a payroll service provider is a data processor for the employer outsourcing payroll services.

For companies, new and stricter requirements have been introduced. The GDPR places a number of onerous obligations on companies to have them demonstrate compliance with the GDPR. Companies need to, among other things, put procedures and systems in place so there is a structure for certain topics like risk assessment and decision-making. They are also required to keep a register of all processing activities and, in some cases, designate a data protection officer.

Failing to comply with the GDPR could have a huge impact on companies as the maximum fines for non-compliance are significantly higher than before. For example, companies could now face fines of (i) 4% of total annual worldwide turnover or (ii) EUR 20 million, whichever is higher, depending on the type and severity of the non-compliance in the individual case. In addition, the supervising authorities can issue a warning or impose a temporary or definitive ban on processing personal data.

For more information, please visit the GDPR page on our MyStibbe portal.

Team

Related news

07.12.2018 BE law
Virtual Currency Regulation Law Review

Articles - The first edition of the Virtual Currency Regulation Law Review is intended to provide a practical, business-focused analysis of recent legal and regulatory changes and developments, and of their effects, and to look forward at expected trends in the area of virtual currencies on a country-by-country basis.

Read more

04.12.2018 NL law
Stibbe appoints two new partners and three counsel

Inside Stibbe - Stibbe has promoted Floris ten Have (EU law, competition and regulation, Amsterdam) and Julien Bogaerts (corporate and finance, Brussels) to partner. In addition, Johan Zwemmer (employment law, Amsterdam), Li Wee Toh (energy and industry, Amsterdam) and Giovanni Smet (tax, Brussels) have been promoted to counsel. The new appointments will take effect on 1 January 2019.

Read more

07.12.2018 BE law
GDPR-roundtable on practical questions encountered during implementation

Roundtable - After the success of the roundtable sessions we held before the GDPR took effect (in May this year), our TMT team is enthusiastic about the session of 7 December, focusing on the lessons we have learned from working on multiple GDPR-matters in the past year. We will tackle some practical questions that we have encountered and that are not or cannot be readily answered by the new regulation.

Read more

04.12.2018 NL law
Stibbe benoemt twee nieuwe partners en drie counsels

Inside Stibbe - Stibbe benoemt Floris ten Have (mededingingsrecht, Amsterdam) en Julien Bogaerts (corporate en finance, Brussel) tot partner. Johan Zwemmer (arbeidsrecht, Amsterdam), Li Wee Toh (energierecht en industrie, Amsterdam) en Giovanni Smet (fiscaal recht, Brussel) zijn benoemd tot counsel. De nieuwe benoemingen gaan in vanaf 1 januari 2019.

Read more

Our website uses cookies: third party analytics cookies to best adapt our website to your needs & cookies to enable social media functionalities. For more information on the use of cookies, please check our Privacy and Cookie Policy. Please note that you can change your cookie opt-ins at any time via your browser settings.

Privacy – en cookieverklaring