Yesterday evening, the Council of Ministers issued a new consolidated version of the General Data Protection Regulation (GDPR). This is the first “clean” version of the GDPR that (a) incorporates all revisions agreed upon from the time of the Commission’s original 2012 proposal to the December 2015 trilogue compromise text; and (b) numbers individual provisions as can be anticipated in the final adopted version of the GDPR. The new consolidated text can be accessed here.
The new GDPR text follows closely on the heels of the Council accelerating the timetable for the GDPR’s passage. Originally, the Council was scheduled to vote on the consolidated GDPR text on April 21, 2016. However, on Monday, the Council issued a Note invoking its “written procedure” (an extraordinary procedure without public deliberation) to approve the consolidated version of the GDPR by noon on April 8.
Presuming the consolidated GDPR text is adopted by the Council’s written procedure, it will proceed for final vote to the European Parliament. Once adopted, it will be published in the Official Journal of the European Union and enter into force 20 days thereafter. For businesses, this means that the GDPR is likely to enter into force in May or June of this year. As soon as it does, the GDPR’s two-year clock for compliance will begin running.
Alston & Bird’s Privacy & Data Security Team on both sides of the Atlantic is closely following the passage of the GDPR and helping businesses understand the compliance obligations they will soon be facing. On April 28, Alston & Bird will host the first installment in a multi-part Roadmap to the GDPR webinar series. For more information, contact Jim Harvey.