How will changes in EU data protection regulation affect your business?
With the proposed powers of the Data Protection Officers across Europe being strengthened and the limit of fines being increased massively, I thought I would write a blog to give some general information about the proposed changes and how they will affect business.
Brief outline of the Data Protection Act 1998
The Data Protection Act 1998 is there to control how an individual’s personal information is used by businesses, organizations and the government.
There are strict rules in place that everyone responsible for using data has to follow; these are called ‘data protection principles’. This means that they must make sure the information is:
- Used fairly and lawfully.
- Used for limited and specific stated purposes.
- Used in a way that is adequate, relevant and not excessive.
- Accurate.
- Kept no longer than is necessary.
- Kept safe and secure.
- Not used outside of the UK without adequate protection.
The European reforms of data protection legislation
The proposed reforms to the data protection regulation have been a long time in the making. At a summit in October 2013, the European Council adopted the legislation.
Several important issues are yet to be resolved; however, the EU has stated that its aim is to achieve agreement and implement the reforms before the end of 2015.
- Data protection regulations could impose fines of up to 5% of annual worldwide turnover or EUR 100 million for certain breaches.
- The data subject’s consent must be stated clearly and proven to be valid.
- Disclosing data required by a third-country court or administrative authority will be forbidden without certain approvals.
These changes offer improved security for data subjects and give the data protection authorities more power to impose fines, which will hopefully encourage businesses to take more care with individuals’ private information.
Who will the European data reforms impact?
They will impact any organization that gathers, stores and processes information on individuals, whether it relates to their personal, professional or social lives.
This could be anything from a name, photos, bank details, posts on social media websites and medical information to the IP address of a computer. Employee data may be exempt, as this would fall under the individual laws of each country, but this is still to be determined.
Any company that runs within the EU, does business with organizations in the EU or stores data in any of the member countries of the EU will be affected by the new regulations.
How EU data protection reforms affect businesses
The new regulations have been designed to address how data is used and stored in the modern world. They will tackle data protection in areas such as social media websites and use of the cloud. This should enable people to transfer files securely and also give people the right to be forgotten.
The responsibility for compliance, and the penalties for non-compliance, will continue to rest with individual organizations whether they use an IT partner or not; grey areas will be removed.
Since the Data Protection Act 1998, people have been communicating in different ways, and the legislative changes will take the current trends into account. 250 million people within the EU currently use the internet daily, and it is becoming more popular for people to store information in the cloud rather than on their personal computers.
The aim of the reforms is to help individuals become more confident when sharing their personal data, especially online. The new rules will promote trust between individuals and businesses and will allow people to use new technologies with more confidence. The new clear and robust rules will give businesses more clarity as to their obligations so that they can be sure they are acting responsibly when it comes to handling personal data.
Most of us are naive when it comes to passing our personal data to businesses and advertisers, particularly online. Even when we do consent to the processing of the data, many of us don’t understand what implications there may be. In a world that’s getting faster, many people scan over T&Cs when it comes to accepting how their data is processed. These reforms place a greater obligation on businesses to explain clearly just how they will be using this information, or risk fines.
As consumers, though, we must remember that we have an obligation to ensure that we are doing what we can to protect our own information too. We should all be a little more mindful of where our information is being passed to.