19 April 2016 – On 14 April 2016, the European Parliament approved the European Council’s position at first reading and adopted the General Data Protection Regulation (GDPR).

With its approval of the European Council’s position, the European Parliament has now adopted the legislative package of the EU data protection reform, which comprises the GDPR as well as the Data Protection Directive for the police and criminal justice sector. The European Parliament thereby concluded the 4-year legislative reform process of the EU data protection law.

The GDPR will be published in the EU Official Journal and will formally enter into force 20 days after such publication, which will probably occur with the next few weeks. However, the provisions of the GDPR will only become applicable two years after their entry into force. Thus, they will probably become applicable in mid-2018. This transitional period will allow both controllers and processors of personal data as well as EU and EEA member states to prepare for and adapt to the new legal regime.

As Switzerland is neither a member of the EU nor of the EEA, the GDPR does not have a direct impact on Swiss data protection law. However, the GDPR will have an indirect impact since under certain circumstances the territorial scope of application of the GDPR also covers controllers established in Switzerland (or any other country outside the EU or EEA) [for more details, cf. news of 18.12.2015]. Moreover, it is expected that the EU data protection reform will have a strong factual influence on the content of the currently pending reform of the Swiss Federal Act on Data Protection (DPA) [cf. news of 01.04.2015].