EU Data Privacy Law Takes Effect This Month: Are You Ready?

EU Data Privacy Law Takes Effect This Month: Are You Ready?

The European Union’s far-reaching data privacy law, the General Data Protection Regulation (GDPR) will come into force on 25 May 2018. It brings with it a number of changes to the data privacy laws across Europe and places a significant burden on businesses to comply — and demonstrate compliance — with the new regime. However, a recent study found that 65% of companies are not ready for the GDPR. Are you one of the 35%, or do you still have some work to do?

GDPR Ally Law

Replacing a previous law called the Data Protection Directive, the GDRP is intended to harmonize data privacy rules across the EU. Key changes under the new regime include:

  • A requirement for businesses to be transparent about what data they have and what they will do with it
  • Enhanced rights for data subjects, including the right to request a copy of any data held, free of charge and in an electronic format
  • The need for some organizations to appoint a compulsory Data Protection Officer
  • A tightening in the way that consent to process a person’s data may be collected
  • A new obligation to report breaches both to the regulator (in the UK’s case, the Information Commissioner’s Office) and to the data subjects
  • Fines for non-compliance of 4% of worldwide turnover or €20 million


Businesses in Europe and companies that have operations and customers in the EU must be in compliance with the GDPR effective 25 May 2018 — there is no transition period. To cut through the myths and misconceptions about the law and ensure that you are following a sensible approach to compliance, contact your Ally Law cybersecurity and privacy lawyer.

Click here to read the full article by Nick Phillips of Ally Law member Edwin Coe LLP.


Recent Posts