You’re not alone. The proposed new EU Data Directive still needs to be approved by the EU Parliament and EU members, something which is now unlikely to happen until 2014. Whilst some opposition remains, it is highly likely that some form of the directive will be passed, and further amendments made later on down the line.
A transition period of two years is standard in such cases. However, if businesses fail to plan for changes in the law, they could be left with little time and budget to make the necessary changes.
So what’s being proposed, and how does this affect your business?
If you store, collect or process personal data then you are affected. Here’s a snapshot of the most important changes that would be put into force under the current proposed legislation:
Higher fines – the fine for a data breach would be increased to up to €1 million or 2% of worldwide turnover.
Data Protection Officer – organisations employing over 250 people would need to employ a Data Protection Officer.
Explicit consent – the explicit consent of the individual would be required in all cases, regardless of context. This brings with it a raft of issues that all businesses would need to address, including marketing techniques, CRM systems, data collection and cookies.
Documentation – detailed documents setting out how compliance is achieved and maintained.
Requirements for portability and deletion of data – the individual will be able to demand a file of their personal information which can be easily transferred to another service provider. Individuals will also have the right for all their information to be deleted and businesses will have to demonstrate they have established processes to facilitate this.
Direct responsibility – for the first time, organisations that process data on behalf of others will be subject to the new law.
So, as you can see, these proposed changes could have a huge impact on your business, not least with regard to how much they would cost.
We’ll keep you updated with developments on the EU Data Directive. If you’re already looking at improving data protection in your organisation, contact us on 00 0800 48 484 484.