GDPR published – Enforcement begins on 25 May 2018 | White & Case LLP International Law Firm, Global Law Practice
GDPR published – Enforcement begins on 25 May 2018

GDPR published – Enforcement begins on 25 May 2018

White & Case Technology Newsflash

EU Regulation 2016/679 (the General Data Protection Regulation, or "GDPR") was officially published on 4 May 2016. Enforcement will begin on 25 May 2018, giving businesses just over two years to bring their operations into line with the sweeping changes introduced by the GDPR.


On 4 May 2016, after more than four years of drafts, discussions and negotiations, the GDPR was published in the Official Journal of the EU by the Secretaries-General of the European Parliament and of the Council of the EU. It will come into force after a further twenty days, followed by an effective two-year grace period, meaning that enforcement of the GDPR will not begin until 25 May 2018.

During the two-year grace period, the existing collection of national data protection laws, based on EU Directive 95/46/EC, will continue to apply. However, as the GDPR makes wide-ranging changes to existing EU data protection law, businesses will need to use this window wisely, allocating sufficient time and resources to ensure that they are compliant by 25 May 2018. Failure to meet this deadline may result in enforcement action under the GDPR, including possible fines up to the greater of €20 million or 4% of annual global turnover. France is already in the process of introducing legislation to implement fines at these levels immediately, rather than waiting for the GDPR to become enforceable. It is not yet clear whether other Member States will follow suit.

How can White & Case help?

With one of the largest and most experienced data privacy and cyber security groups in the world, our team is on hand to assist businesses on all aspects of the GDPR.

We will soon be releasing a detailed overview of the GDPR, explaining the impact of the new requirements, and providing practical guidance on the steps that businesses should take to minimise their compliance risk while protecting and enhancing their competitive advantage.

For more information, kindly contact Data Privacy Group.


Audrey Oh, a Trainee Solicitor at White & Case, assisted in the development of this publication.

This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2016 White & Case LLP