Out-Law News 1 min. read
22 Dec 2015, 10:00 am
The Council said its Permanent Representatives Committee (Coreper) gave its approval to a new General Data Protection Regulation and a new Data Protection Directive for police and criminal justice authorities on Friday.
The Luxembourg presidency of the Council, acting on behalf of the governments of EU countries, had reached agreement with MEPs on the wording of the legislation on Tuesday last week.
Coreper's agreement to the reforms followed a similar approval of the new rules by the European Parliament's Civil Liberties Committee on Thursday. The endorsements mean that the GDPR and new Directive can be put to a formal vote by EU law makers.
"After a legal-linguistic review of the texts, they will be submitted for adoption by the Council and, subsequently, by the Parliament," the Council said. "The regulation and the directive are likely to enter into force in spring 2018."
According to a leaked copy of the new GDPR (209-page / 475KB PDF) published on the Statewatch website, organisations will face a number of new obligations under the new regime, from reporting data breaches, enabling personal data to be portable to rival services, appointing data protection officers in certain cases and carrying out data protection impact assessments.
Companies could be fined up to 4% of their annual global turnover for the most serious infringements of the new rules. Business groups have raised a number of criticisms with the data protection reforms.