The General Data Protection Regulation (GDPR) has passed through the final stages of approval, clearing the way for publication in the Official Journal. The GDPR will come into force roughly two years following the date of publication.

Following political agreement between the European Commission, the Council of Europe and the European Parliament in December last year, the compromise text has been going through a formal adoption process.

Last week, the text was approved by EU member states in a vote by the Council of the European Union. Today the final part of the process took place with approval from the European Parliament.

Whilst the final text of the GDPR itself has now been formally approved, much of the detail will be set out in other documents.

Guidance will be issued by the European Data Protection Board (which replaces the Article 29 Working Party grouping of national data protection authorities) and member states will need to pass national implementing legislation in relation to those areas of the GDPR where member states are given derogated powers to legislate. The European Commission is also provided with the power to adopt delegated acts and implementing acts. It is expected that more detail on this will be published over the coming months.

Preparing for the GDPR

We are running a series of events in our offices to explain what is changing with the GDPR and what organisations should be doing to prepare for the GDPR coming into force in 2018.

If you'd like to discuss how the GDPR will impact on your organisation or what you should be doing to prepare, please get in touch with me or your usual Brodies contact.


Martin Sloan