Council of the European Union Agrees on General Approach to the Proposed General Data Protection Regulation
Time 2 Minute Read
Categories: European Union, International

The Council of the European Union has agreed on a general approach to the proposed EU General Data Protection Regulation (the “Regulation”). This marks a significant step forward in the legislative process, and the Council’s text will form the basis of its “trilogue” negotiations with the European Parliament and the European Commission. The aim of the trilogue process is to achieve agreement on a final text of the Regulation by the end of 2015. The first trilogue meeting is expected to take place on June 24, 2015.

Among the most significant features of the Council’s draft text are the revisions to the “establishment” and the “one-stop shop” concepts. These concepts will govern the application of the Regulation to data controllers that operate in more than one EU Member State. In particular, they will determine which data protection authority will regulate each controller’s data processing activities. They are, therefore, of critical importance to many international businesses.

Other key proposals in the Council’s text include: increased rights for data subjects; maximum penalties for non-compliance of €1 million or 2% of global annual turnover (a significant reduction from the €100 million / 5% figures proposed by the Parliament); and clarifications on the rules relating to cross-border data transfers.

Hunton & Williams has released a Guide to the Regulation, which is available by soft copy. An updated copy of this Guide will be released following the conclusion of the trilogue process and the release of the final text of the Regulation.

Tags: Council of the European Union, Data Protection Authority, Data Transfer, EU Member States, European Commission, European Parliament, GDPR
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Data Protection Authorities Globally Highlight Privacy Issues in AI Image Generation

On February 23, 2026, a Joint Statement on AI-Generated Imagery was published by 61 data protection authorities. The Joint Statement addresses concerns regarding AI systems capable of generating realistic images and videos depicting identifiable individuals without their knowledge or consent.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
China CAC Issues Guidance on CBDT Security Management

On January 30, 2026, the Cybersecurity Administration of China released a Q&A document on policies and regulations for the security management of cross-border data transfers. 

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
European Commission Announces New Cybersecurity Package

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page