"The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive (95/46/EC) and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The regulation has for ambition to strengthen citizens’ fundamental rights in the digital age and to facilitate business by unifying rules for companies in the European Digital Single Market. The GDPR requires greater transparency; it imposes tighter limits on personal data processing; and it gives individuals more powerful rights towards organizations. Meeting these requirements will prove to be a serious challenge for the financial industry.
Focus on the General Data Protection Regulation (GDPR)
Current EU data protection framework is based on Directive 95/46/EC (the “Directive”), which was introduced in 1995. The way that each Member State implements the law led to inconsistencies, which creates complexity, legal uncertainty and administrative costs. The current rules also need to be modernized in order to accompany and provide answer to the digital age challenges. The regulation entered into force on May 24th, 2016 and will be directly applicable across the EU, without the need for national implementation from May 25th, 2018."