Interesting times.

Welcome to the 2016 edition of Data Protected.

The report is published at an exciting and challenging juncture. The General Data Protection Regulation has finally been adopted and will apply in all Member States from May 2018. The most pressing concern for businesses subject to the Regulation is to bring their processing into line with its requirements before this deadline. We have prepared a Survival Guide to help with this exercise and our Lead Article examines the changes to the use of processing conditions under the Regulation.  

Businesses based in the United Kingdom must deal with the added complications of Brexit. It is now clear that the General Data Protection Regulation will apply in the United Kingdom in the short term, not least because the United Kingdom is very unlikely to leave the European Union until early 2019. Whether the United Kingdom’s data protection laws will change in the medium term is less certain, and raises a number of concerns, including the implications for free flows of personal data between the European Union and the United Kingdom.

These concerns form part of a wider challenge to the international transfer of personal data. The EU-U.S. Privacy Shield was passed in July to replace the invalidated U.S. Safe Harbor scheme, but is likely to be challenged in the European Court of Justice and therefore faces an uncertain future. Of greater significance is the challenge to Model Contracts. The Irish High Court will hear this challenge in February 2017 and is expected to make a reference to the European Court of Justice shortly afterwards. Model Contracts are critical to many international transfers of personal data and their loss, even for an interim period, would create an existential crisis for this area of law.

Added to this is the continuing need to focus on day-to-day compliance and the challenges brought about by new technology. Issues such as cyber attacks, big data, artificial intelligence and the internet of things are less and less about horizon gazing, and more about the here and now.  

We hope that this report provides some help with these issues. If you have suggestions about the report, or any other comments, please let us know.



Tanguy Van Overstraeten
Global Head of Privacy and Data
Linklaters LLP
September 2016


Richard Cumbley
Global Head of Technology, Media and Telecommunications
Linklaters LLP
September 2016

This report only considers issues arising out of the Data Protection Directive and the Privacy and Electronic Communications Directive as they currently stand, and similar national legislation outside of the European Union. Its purpose is not to provide legal advice or exhaustive information but rather to create awareness of the main rules. Needless to say, each contributing law firm prepared their section of the report. Should you have any questions in connection with the issues raised or if specific advice is needed, please consult one of the lawyers referred to in this report.
















This site does not use cookies