It’s a truism in the modern world that the pace of technological change far outstrips the enactment of legislation to control and guide its use, and that lawmakers are more often than not caught on the hop by advances in computing and telecommunications.
Such is the case with Europe’s 1995 Data Protection Directive, which was enacted before the Internet became the basic tool of everyday life that we now take for granted, but is now widely criticised as being hopelessly out of date with modern requirements.
Increasingly large volumes of data are transferred across borders every day, but the varied implementation and enforcement of the EU Directive across the 28 member states has resulted in a patchwork of national data protection laws that creates more barriers to international business than it removes.
In response to this, the European General Data Protection Regulation (GDPR) was proposed by the European Commission in 2012 to bring the principles of the Data Protection Directive up to date, and to produce a single law that unified data protection legislation and enforcement across the EU.
Among other stipulations, the GDPR requires that data subjects consent to their personal data being collected and processed, and the ‘right to be forgotten’ grants data subjects the right to request the erasure of their personal information. The proposed Regulation takes a much more straightforward approach to data privacy, making the law clearer and more transparent for individuals and for the organisations that control and process their data alike.
Hundreds of thousands of businesses in the 28 EU countries will be affected when the Regulation comes into force, as will innumerable organisations outside the EU that do business there. With the draft Regulation’s sanctions for breaches currently set at up to 5% of a company’s annual turnover, it’s essential for organisations to prepare now for the GDPR’s expected enactment in late 2014.
This means investing in new frameworks, such as an Information Security Management System (ISMS) as set out in the international best-practice standard ISO27001, in strategies for effective data management, and in trained cyber security professionals to lead the effort.
For further information and guidance on ISO27001 and how it can help you prepare for and comply with the GDPR, download our free green paper.