A new EU data protection era has started today with the publication on the Official Journal of the European Union of: 1) the new Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and free movement of such data; 2) the new Directive (EU) 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purpose of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties and on the free movement of such data; and, 3) the new Directive (EU) 2016/681 on the use of passenger name record (PNR) data for prevention, detection, investigation and prosecution of terrorist offences and serious crime.

The EU has then finalised the process of revising and updating the set of rules governing personal data protection, introducing a modern mechanism of safeguard, inspired to the highest available standards of protection, supported by sanction tools in case of infringement. Companies will have now to adjust their organisation and streamline their standard operating procedures with regard to the collection, processing, storage and transfers of personal data to ensure full compliance with the new rules and to mitigate the risk to be exposed to administrative fines and other penalties.