EU data protection law has come a long way over the last two decades.
EU data protection law has come a long way over the last two decades. Regulation (EU) 2016/679, (the General Data Protection Regulation, or “GDPR”), which replaces Directive 95/46/EC, (the “Directive”), was published on 4 May 2016 and was the culmination of a four-year legislative process. It will enter into force in May 2018.
The GDPR will impact almost every organisation that is based in the EU, as well as every organisation that does business in the EU, even if based abroad. The GDPR applies to processing of data carried out by organisations operating within the EU and establishes various rules in regard to processing of data which must be complied with.
Of particular relevance to companies in Sri Lanka is that it also applies to organisations outside the EU that trade in goods or services with persons in the EU.
The GDPR dramatically increases the maximum penalties for non-compliance to the greater of €20 million, or four percent of worldwide turnover.
Enforcement of the GDPR commences from 25th May 2018.
We assist businesses in Sri Lanka to understand the ramifications of the GDPR. Our team of lawyers provides legal services and the practical advice necessary to become compliant under the GDPR. We provide practical advice to clients throughout the EU, Sri Lanka and beyond.