The new General Data Protection Regulation coming into force in June 2018 extends the scope of the EU data protection law to foreign companies processing data of EU residents. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 2% of worldwide turnover. As the new regulation conflicts with other non-European laws and regulations and practices (e.g. surveillance by governments) companies in such countries should not be acceptable for processing EU personal data anymore. However, the biggest challenge might be the implementation of the GDPR in practice. Its implementation will require comprehensive changes of business practices for companies that did not implement a comparable level of privacy until now (especially non-European companies handling EU personal data). Learn in this panel the major tasks for companies inside and outside of the EU.
