The EU General Data Protection Regulation [GDPR] is the first comprehensive overhaul of European Union data protection rules in 20 years, and organisations have less than 2 years to comply. With tough requirements, including a 72-hour breach notification and stiff penalties of up to €20 million or 4% of global annual turnover, it is imperative for every organisation to start working towards compliance today. What is the impact on businesses in Asia? What is the territorial scope, and what are the controller and processor obligations?
View panel discussion video here.
Dean, Faculty of Law
National University of Singapore
Managing Director, London
Privacy and Data Protection Lawyer
EU General Data Protection Regulation [GDPR]
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.
The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.