EU Data Protection Directive changes may seem overwhelming initially, but they are not that complicated once you break them down. It is vital to have a clear understanding of them, because the effect on individuals and particularly businesses will be massive.
The recent spate of data breaches and security threats that continue to make global news headlines acts as a continuous reminder of the need to enhance monitoring and protection of corporate data. Impending changes to the EU Data Protection Act for protecting personal data for all EU citizens will impose stricter fines on businesses that experience security breaches. So, there has never been a more pressing time for businesses to get their security controls in order.
The EU Data Protection Directive has been in place since 1995, long before the huge technological changes of the last decade. Rapid technological developments have created new challenges for the protection of personal data. Under the proposed 2014 EU Data Protection Directive, amendments will mainly focus on concerns about Internet-based data sharing. The legislation will make personal data the property of the individual the data is about, so citizens of the EU will be given new rights.
What does this mean?
Businesses will need to alter their operating procedures accordingly. To understand exactly what is being proposed, so you can improve your business's data protection and better manage your security, read on…
Key Changes to Data Protection:
- The right to be forgotten: a request can be issued that a company delete private information
- A digital copy of the request ‘to be forgotten’ can be issued, to transfer the information to another company
- A company’s ability to profile another business
- Data protection officer – will have a vital role to ensure the company is aware and fully compliant with the EU Data Protection Directive, interact with the supervisory authority and interact with EU citizens who have data requests
- Mandated fines – issued if compliance is not evident
The above changes mean that, for B2B organisations, direct marketing in particular will move from an ‘opt-out’ system to an ‘opt-in’ rule.
So B2B organisations will become limited when sending direct mail, email or even telephoning prospective B2B clients. This is likely to damage the marketing of UK companies, and so the ability to connect with prospective B2B clients will suffer a setback. In line with these key changes, businesses need to start planning for the future now, to ensure better preparation against the increasing number of cyber attacks and the stricter new regulations coming into play.
The good news? And yes there is light at the end of the tunnel!
The EU Regulation proposal agreement is likely to be put on hold until later this year or even 2015 and is unlikely to kick in until 2017.
BUT compliance is a strategic process that requires substantial time to get right, so you really shouldn’t put the project on hold until it gets closer to the deadline. Do something today.
Do Not Fear
The changes sound vast, but in practice they simply build on the current framework, which remains sound in its objectives and key focus areas. However, fragmentation in the way personal data protection is implemented, legal uncertainty and negative public perceptions that there are risks associated with online activity have developed.
The different legal obligations your business must consider may seem daunting at this point, but they need not be. If you are already engaged in best practice for gaining and managing data (i.e. securing and recording opt-in) then you should pretty much have it covered.
If you need more explanations or further information check out this useful legal source.
Just make sure your organisation complies with EU Data Protection laws before it’s too late!