The vote marks the final stage of the adoption process after various European institutions agreed on the text of the regulation last December.
“The new rules will ensure that the fundamental right to personal data protection is guaranteed for all,” said European Commissioners Frans Timmermans and Vera Jourova in a joint statement.
“The General Data Protection Regulation will help stimulate the Digital Single Market in the EU by fostering trust in online services by consumers and legal certainty for businesses based on clear and uniform rules.”
The regulation, which replaces the present data protection directive from 1995, will come into force from 2018 in the European Union’s 28 member states. It is not just European telcos that will be affected - any carrier based elsewhere in the world with customers or employees who are EU citizens will be subject to the regulations.
The key changes include: stronger enforcement and fines of up to 4% of companies’ global turnover; the right for consumers to know when companies’ data have been hacked within 72 hours; a requirement for larger companies to appoint a data protection officer; “clear and affirmative consent” to the processing of private data by the person concerned.
Andrew Dyson, partner and co-chair of DLA Piper’s international privacy and data protection practice, referred to the directive as a “landmark set of reforms that will significantly alter the way companies and consumers manage their data”.
He expects companies to be increasingly innovative with the way privacy policies are presented to consumers, with greater use of profile centres where individuals can control the use of their personal information.
“Companies will need to invest in enhanced systems and processes to accommodate these new rights and have robust governance in place to manage compliance effectively,” he said, adding that this is especially the case with the emergence of big data analytics, cloud and the internet of things.
“There is no doubt that the GDPR is timely, coming at a point where our digital footprints become ever larger and the risk of data breaches more pervasive. With a two year window to prepare, now is the time for companies to implement the changes needed to ensure the GDPR enables rather than hinders digital growth,” Dyson said.