The European Parliament voted to back the European Commission’s proposals to harmonise data protection rules across all member states.
The EU General Data Protection Regulation 2014 is in the process of being ratified.
This will create a single, pan-European law with one supervisory authority rather than different ones in different member states.
The single regulation will be applicable both to companies based outside the EU and to those in member states, if they do business with EU companies or look after the data of EU citizens.
The regulation will establish the right of EU citizens to be forgotten, which means that unless there is a legitimate reason for preserving it, a company will have to delete personal data on request. Citizens also have the right to have easier access to their data, and transfer it between providers.
Businesses will have to explicitly seek permission to process the data of citizens; consent cannot be assumed. Companies will also have to notify citizens of any data breaches that could affect them.
Data security safeguards have to be built into products and services from the earliest stages of development. “Privacy-friendly default settings should be the norm” according to the European Commission.
The new regulation will be applicable to both public and private sector organisations. If the regulation is breached, fines for organisations could be as high as €100 million or 5% of global revenue.
Taking all of this into account, it would be prudent to start reviewing data protection policies, processes and procedures now.
We can help your organisation review, plan and implement the changes needed to become compliant with the new regulations.
Scott Mihajlovic Associates Ltd. Company No. 02875095 VAT No.: GB 983 4642 85