EU proposes radical data protection refresh

The EC does as expected in proposing 24-hour breach disclosure rules and heightened powers for regulators like the ICO.

The European Commission has proposed widespread changes to data protection rules governing Europe, including the addition of significant fines for breaching the laws.

The EC wants to replace the current directive, issued in 1995 when the internet had little traction across Europe, with legislation that applies to all member states.

As part of its changes, companies that breach the rules could be told to pay out as much as €1 million (£831,000).

I would have thought all the data protection regulators are going to be made up; it's like Christmas for them.

The EC has proposed both a regulation, setting out "a general EU framework for data protection" and a directive which sets out rules on the protection "of personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities."

Despite concerns that stricter rules will hinder economic growth across Europe, the EC believes businesses will actually be saved around €2.3 billion a year thanks to the streamlined processes being proposed.

In particular, the regulation will get rid of separate laws governing different nations, thereby easing administrative burdens, the EC said.

"With this reform the European Union will create a real single digital market, accessible both for companies and consumers. It will make the European Union an international standard setter in terms of modern data protection rules," said EU justice commissioner Viviane Reding, the EC's vice president.

"[Businesses are] confronted with a real load of notification requirements, a patchwork of laws, a load of reporting requirements; this leads to legal uncertainty, to legal fragmentation.

"Reform will eliminate the unnecessary administrative burden as well as the many costs linked to different reporting requirements existing throughout the EU. It will do so with one main text."

According to Reding, 72 per cent of EU citizens are concerned businesses will misuse their data.

The legislation will take effect two years after it is officially adopted.

24-hour rule

One of the more controversial aspects of the regulation is its request that companies inform both affected parties and data protection authorities within 24 hours of a breach occurring.
