As forecast in our latest blog on the topic (available here), the European Parliament today voted into law a new General Data Protection Regulation (“GDPR”) that will replace the EU’s all-encompassing Data Protection Directive as of mid-2018.

Today’s vote brings to a close a legislative process that has lasted nearly five years; the law’s official publication, which should be forthcoming, will start the clock on a two-year transition period until the new rules take effect.

The GDPR was approved by the European Parliament today as part of a contentious package of laws that also includes a new Passenger Name Records (“PNR”) Directive, aimed at wider collection and sharing of traveler data for counter-terrorism and crime prevention purposes; and a Policing and Criminal Justice Data Protection Directive (“PCJ DPD”) that will regulate law enforcement agencies’ use of personally identifying information.

The Parliament’s approval of the PCJ DPD enshrines it into law, while the PNR Directive still requires, as a mere formality, approval by the Council of the EU.  Both laws are also scheduled to take effect in mid-2018.

For more on what the GDPR means for organizations active on the European market, see here, and tune into Covington’s free GDPR Webinars for further expert commentary; Workshop 3 takes place on April 21, and further events are planned in May, June, September and October this year.