The EU Commission has confirmed that agreement has been reached on the EU General Data Protection Regulation (GDPR).
The Commission, European Parliament and the Council have – after much debate – finalised their position following final negotiations between the three institutions (the so-called ‘trilogue’ meetings).
The final text of the new law will follow early in 2016 and – once Heads of government and the full Parliament add their agreement in January – organisations will have two years in which to comply with the new law.
The Information Commissioner has noted that
“the new regulation contains a great deal of compliance detail that isn’t present in the current law. But there is no doubt that the best preparation for an organisation is to comply with the current law”