Last updated: 
1 month 3 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

GDPR - the final text?

Thursday, March 3, 2016 - 15:42

The European Council of Ministers have now published a proposed text for the General Data Protection Regulation. This still needs to be edited by the Commission's "lawyer-linguists" to check for inconsistencies, sort out the numbering of recitals and articles etc. But the working parties of both the Parliament and the Council have recommended that the resulting text should be adopted by the respective full bodies at meetings in the next couple of months.

Bloomberg have published an excellent summary of the differences between the existing Directive and the new Regulation.

Over the next few weeks I’ll be revisiting the four topics I considered when the European Commission first published its proposal back in 2012, looking specifically at the Regulation's implications for some of the networked services provided by NRENs and their customers:

Links to those posts will be added here when they are published. Once the Regulation is passed, there will be a period of two years before it comes into force. During that time I hope regulators will be providing guidance to fill in some of the practical details. It seems likely that there will also be more activity on international transfers, following the Safe Harbor case, and on the e-Privacy Directive, which will be revised once the Regulation's text is agreed. But there seems to be plenty in the current text to suggest how we may need to adapt our activities, and where we may already be ahead of the developments.