The International Chamber of Commerce (ICC) has today released a policy inventory identifying aspects of the European Union (EU) General Data Protection Regulation (GDPR) that will benefit from business experience and expertise. The tool will serve as a key resource for the global business community, who is currently scoping out how to consider and implement key aspects of the new regulation, which covers privacy and data protection for EU citizens.
Expected to be published in July of this year, followed by a two-year implementation process, the GDPR is generating a roar of discussion throughout the business world and once in place, will significantly affect business activity in all sectors - well beyond the borders of the EU. Including provisions on the right to erasure, binding corporate rules, and data breaches, the regulation will transform the privacy landscape known today.
"To facilitate analysis of where global business input on the regulation will be most useful, the ICC Commission on the Digital Economy is publishing its inventory to make it widely available," said Elizabeth Thomas-Raynaud, Senior Policy Executive for Digital Economy. "It will be used to identify where further guidance or implementing regulations will be promulgated and to convene global business input on those articles of the regulation where business practical experience and expertise could offer most insight."
The GDPR is a regulation with vast breath and scope and will not only impact companies in the EU or the tech industry. Any company that works with EU citizens data will need to comply with this regulation.
"The GDPR is a regulation with vast breath and scope and will not only impact companies in the EU or the tech industry. Any company that works with EU citizens data will need to comply with this regulation," said Chair of the ICC Commission on the Digital Economy and Oracle Chief Privacy Strategist Joseph Alhadeff. "With this in mind, it made sense for ICC, with members from all sectors and regions, to get the ball rolling on scoping where and what private sector input will be most useful."
The GDPR replaces Directive 95/46/EC which was enacted in 1995, and will significantly change EU data protection laws. Once officially adopted by the European Parliament and the Council of the European Union, it will apply in EU Member States after a period of two years. During a two-year implementation period additional guidance is expected, including whether and how Article 29 Working Party could transform into the European Data Protection Board.