News
The General Data Protection Regulation Enters Into Force
Today the European Union’s General Data Protection Regulation (GDPR) officially enters into force, after four and a half years of negotiations between the union’s member states and institutions. The new legislation will not be fully enforceable until 25 May 2018, at which time it will have a direct and immediate effect in all EU member states, but many business are already making the necessary changes to their business operations.
The purpose of the new legislation is to ensure a high level of protection for all individuals within the European Union which entrust personal information about themselves to other parties, for example with private companies for filing or automated processing. Through the GDPR all EU member states are adopting tighter rules for how and when personal data can be collected and processed. At the same time they are increasing the individual’s ability to have data related complaints redressed through the authorities and the legal systems of the member states. Even companies which are not established within the European Union are to be bound by the new legislation with regards to personal data collected while providing goods or services to individuals within the EU, or otherwise monitor the behavior of such individuals. To ensure compliance, the maximum fines for failure to uphold the GDPR has been set to 20 million Euro or 4% of the offenders global turnover, whichever is higher.
The Swedish data protection legislation is already in most respects well aligned with the new EU regulation, but for non-European companies looking to establish themselves on the EU market professional advice is recommended.