On Thursday April 14 2016, the European General Data Protection Regulation (GDPR) was formally adopted by the European Parliament. GDPR is a new set of rules that cover data handling and privacy obligations across Europe, and will be enforced by the 28 national data protection authorities in 2018. So businesses now have a two-year window to get compliance right.
The guidance, to be issued by national data protection authorities, will be critical in ensuring that the reforms are implemented with greater certainty for businesses. Member States of the EU still have a level of discretion on some provisions such as on whether to include a research exemption, and therefore by definition, customer and client feedback services, which may affect local guidance in this field.
There remains a lot of work to be done in this area of legislation but, for the time being, the content is clear and the timing narrowed down.
Read the European Commission press release here