Legal Archives - Klaxon

EU Data Protection Directive Changes

EU Data Protection Directive Changes may seem overwhelming initially; but they are not that complicated once you break them down. It is vital that a clear understanding is generated because the effect on individuals and particularly businesses will be massive.

The recent spate in data breaches and security threats that continue to make global news headlines act as a continuous reminder of the need to enhance monitoring and protection of corporate data. Impending changes to the EU Data Protection Act for protecting personal data for all EU citizens, will impose stricter fines on businesses that experience security breaches. So, there has never been a more pressing time for businesses to get their security controls in order.

The EU Data Protection Directive has been in place since 1995; so a long time before the huge technological changes of the last decade. Rapid technological developments have created new challenges for the protection of personal data. Under the proposed 2014 EU Data Protection Directive, amendments will mainly focus on the concern on Internet-based data sharing. The legislation will make personal data the property of the individual the data is about. So citizens of the EU will be given new rights.

What does this mean?

Businesses will need to alter their operating procedures accordingly. To understand more about what is exactly being proposed so you can improve your businesses data protection and better manage your security read on…

Key Changes to Data Protection:

  • The right to be forgotten; a request that a company delete private information can be issued
  • A digital copy of the request ‘to be forgotten’ can be issued, to transfer the information to another company
  • A company’s ability to profile another business
  • Data protection officer – will have a vital role to ensure the company is aware and fully compliant with the EU Data Protection Directive, interact with the supervisory authority and interact with EU citizens who have data requests
  • Mandated fines – issued if compliance is not evident

BANT qualified leadThe above changes mean that for B2B organisations direct marketing in particular will move from an ‘opt-out’ system to an ‘opt-in’ rule.

So B2B organisations will  become limited when sending direct mail, email or even telephoning prospective B2B clients. This is likely to damage the marketing of UK companies and so the ability to connect with prospective B2B clients will take a negative setback. In line with these key changes businesses need to start planning for the future now, to ensure better preparation against the increasing number of cyber attacks and the stricter new regulations coming into play.

The good news? And yes there is light at the end of the tunnel!

The EU Regulation proposal agreement is likely to be put on hold until later on in this year or even 2015 and is unlikely to kick in until 2017.

BUT compliance is a strategic process that requires substantial time to correct so you really shouldn’t put the project on hold until it gets closer to the deadline. Do something today.

Do Not Fear

The changes sounds vast, but in practice they simply build on the current framework which remains sound with its objectives and key focus areas. But fragmentation in the way personal data protection is implemented, legal uncertainty and negative public perceptions that there are risks associated with online activity have developed.

The different legal obligations your business must consider may seem frightening / overwhelming / daunting at this point, but they need not to. If you are already engaged in best practice for gaining and managing data (i.e. securing and recording opt-in) then you should pretty much have it covered.

If you need more explanations or further information check out this useful legal source.

Just make sure your organisation complies with EU Data Protection laws before it’s too late!

Bloggers: Don’t Get Sued

A couple of weeks ago I attended an Own-IT event all about the legal side to blogging. I was introduced to the event by Improbulus and a huge thanks there as it turned out to be a very educational evening.

It started with a presentation from Dan at MindCandy and then moved on to a chap called Robert Lands from legal firm Finers Stephens Innocent LLP . (Incidentally Robert, the invitation to speak at the London Bloggers Meetup still stands. If you’re interested do please let me know when you’re available).

I found Robert’s presentation very engaging and his relaxed style made it easy listening. No disrespect to the legal profession, but they are not known for their humour..

So what are the top 10 tips I took away from Robert’s presentation**

2. Yes you can get fired if you blog about your job, employer or other employees, even if you change the names involved. If it’s possible for readers to interpret what you’ve written as being about your employer, you’ve had it.. and there are plenty of examples of this.

3. As a blogger you are seen by the law as a professional journalist and publisher. Therefore anything you write about a person or company in a defamatory way leaves you open to being sued for libel (this is more relevant in the UK than the US as apparently we have tighter controls on freedom of speech).

4. If your server is in India how can I be sued by someone in the US? Well it seems you can, the law of the land where your media is consumed is most important. So in the understanding that nobody knows the laws of every land, you might want to add a ‘terms of use’ page to your site stating something like ‘if you read this blog you agree to be bound by the laws of (your home country)…..’ or words to that effect. Contact your local legal beagle for advice on this, or if you’re in the UK contact Finers Stephens Innocent LLP.

5. If someone takes a disliking to the content on your blog / web 2.0 site, probably the first you will know about it is when you get a letter asking you to take down the content. It might help to have a page on your site with “Notice and Take Down Policies” i.e. telling people how you will deal with any complaint.

6. With copyright, you can get done for linking to a site that infringes someone else’s copyright. Incredible if you ask me, but I don’t set the rules. So be careful what content and blogs you link to as they may be putting you at risk. It’s called ‘making available’.

7. Don’t ever blog about the intellectual property you are generating at work e.g. technology you are developing for your employer, or content you are writing. This will land you in hot water as they will own all this content and you giving it away is not a good thing. Equally, make sure your own employees know your policy here.

8. If you are publishing content written by others, either who you have paid or not, make it clear who owns the content. Get it down on paper with each writer to avoid any problems later on with intellectual property rights.

9. If you write about a company don’t be tempted to include a copy of their logo in your post (I’ve done this a lot). If the company doesn’t like your content you could be done for things like Dilution of the brand, or incorrect usage of a Trade Mark.

10. remember, you are seen by the law as a professional journalist, so you should be prepared to be treated as one. Get some legal advice or do some research so you understand your legal position, before it’s too late.

So there you go. If you haven’t realised why I started on point 2, it’s because point 1. is below. Hope all that was helpful.

** disclaimer. These comments do not constitute legal advice and you should consult a qualified legal practitioner before using any of this advice (point number 1. do not offer advice you are not qualified to give..)

Limited Companies – Are Your Email and Websites Compliant?

The First Company Law Amendment Directive – a European law being incorporated into UK law – means that as a limited company you are now required to display more information on your website and company emails. Those who don’t comply risk being fined.

So what do you have to do I hear you ask? As of the 1st January 2007, you are required to include the following in all business emails:

  • company registration number,
  • place of registration (e.g. Registered in England and Wales)
  • the registered office address.

On the website you are required to include:

  • The name, postal address and email address of the website’s service provider.
  • The name of any trade body or professional associations the business is part of, including membership or registration details.
  • Your VAT number, even if the website is not being used for e-commerce transactions.
  • Any prices on the website must clearly state whether they are inclusive or exclusive of tax and delivery costs.

For more information check out this very useful legal resource:

Make sure you don’t find out the hard way by getting fined!