Protection of personal data: new regulatory obligations for EU companies starting 25 May 2018

The legal and regulatory environment is changing and is preparing to impose significant obligations on companies and institutions that process personal or business data.


On 25 May 2018, a new European General Data Protection Regulation (GDPR) will enter into force, and all companies concerned will need to comply with it. This regulation will allow Europe to adapt to the new realities of digital.


From that date, companies or organisations will need to ensure optimal protection data at all times and be able to demonstrate this by documenting their compliance.


This new European data protection regulation is based on a logic of accountability, which entails in particular:


– Consideration of data protection starting from the design of a service or product and by default


– Establishment of an organisation, measures, and internal tools guaranteeing optimal protection for the individuals whose data are processed


Failure to comply with the GDPR will result in significant penalties, up to 4% of global turnover or 20 million euros.