14.04.2016

European Parliament adopts GDPR (and the Data Protection Directive)

New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes.
Next steps
The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date.
Member states will have two years to transpose the provisions of the directive into national law.
Sources: Press releases by the EP and the Commission

UpdateNote from the General Secretariat of the Council regarding Outcome of the European Parliament's second reading of the GDPR, dated 15 April 2016:
Since no amendment had been adopted, the President of the European Parliament declared the Council's position at first reading approved.
The text of the European Parliament's legislative resolution is annexed to this note:
The European Parliament, [...]
1. Approves the Council position at first reading;
2. Notes that the act is adopted in accordance with the Council position;
3. Instructs its President to sign the act with the President of the Council, in accordance with Article 297(1) of the Treaty on the Functioning of the European Union;
4. Instructs its Secretary-General to sign the act, once it has been verified that all the procedures have been duly completed, and, in agreement with the Secretary-General of the Council, to arrange for its publication in the Official Journal of the European Union;
5. Instructs its President to forward its position to the Council, the Commission and the national parliaments.