EY logo

EY

Financial Services Ireland

GDPR

Read more

On 15th December 2015, following three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the EU General Data Protection Regulation (GDPR).

The aims of the GDPR are to reinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce the administrative burden. The GDPR replaces the 1995 General Data Protection Directive and applies directly to each of the 28 EU Member States.

On 14th April 2016, the Regulation and the Directive were adopted by the European Parliament. The new rules are applicable for two years.

The Main Changes for Citizens:

  • When an individual no longer wants their data to be processed, the data must be deleted (“right to be forgotten”)
  • Individuals have the right to more information on how their data is processed, available in a clear and understandable way
  • A right to data portability will make it easier for individuals to transmit personal data between service providers
  • An individual has the right to know when their data has been breached

The Main Impacts for Companies and Organizations:

  • Companies and organizations must notify their national supervisory authority of data breaches which put individuals at risk and communicate all high risk breaches as soon as possible to the data subject
  • Data protection safeguards must be built into products and services (Data protection by Design and by Default) from the earliest stage of development. Privacy–friendly default settings will be the norm — for example on social networks or mobile apps
  • For companies who do not comply with EU rules, data protection authorities will be able to issue fines of up to 4% of their global annual turnover
  • As part of the reform, companies based outside of Europe will have to apply the same rules when they offer goods or services within the EU market
  • One pan–European law for data protection replaces the current inconsistent patchwork of national laws, meaning that Companies will now deal with one law, not 28
  • The Regulation, being technologically neutral, enables innovation to continue to thrive under the new rules
  • Companies will only have to deal with one single supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU

Conor McGoveran

Associate Partner
Conor's Full Profile


How I Help


GDPR GDPR – First Anniversary: Themes and Insights It was an extremely interesting morning at EY's breakfast seminar, GDPR - First Anniversary. ThroughRead more
GDPR SURVEY GDPR is almost 9 months old: where does the Irish funds industry stand? The General Data Protection Regulation, with the primary aim of strengthening the data rights ofRead more
ASSET MANAGEMENT What does GDPR mean for the asset management industry? Almost three months on from the GDPR compliance deadline, many large firms are still notRead more
Common Reporting Standard GDPR, FATCA and CRS The introduction of the EU Global Data Protection Regulation “GDPR”, which replaces the existing dataRead more
Insights GDPR: Demanding new privacy rights and obligations In the race to compete in today’s digital world, organizations are using social, mobile, bigRead more

Load More


Related Content

ey 2023 global financial services regulatory report Read More
Leveraging digital transformation to unlock new value in SME banking Read More
Special Article Sample Post Read More
Operational Resilience and Cybersecurity: How prepared is your organisation against operational disruption? Read More
Digital Operational Resilience Read More
CBI Cross Industry Guidance on Operational Resilience - CP140 Read More

Load More