Convergence Conversation - brought to you by Intellect

New EU Data Protection Proposals: what you need to know

Today’s blog post is courtesy of my friends and colleagues Clive Gringras and Claire Walker who have published a helpful guide to the new European Data Protection proposals.

“Today, 25 January 2012, the European Commission unveiled its proposals for far reaching changes to EU privacy legislation.

We foresee the Regulation being in force by 2015. Every aspect of an organisation’s compliance obligations will increase – and there will be fines of up to 2% of global turnover for breach. We highlight the top three immediate action points to consider. We also provide seven further action points to address in the months ahead.

Three immediate impacts

  • Non EU businesses need to select an EU Member State Scenario: a large Asian company holds personal data on Asian servers about its many EU customers. It has purposely not established a presence in the EU but will now need to decide which of the EU Member States in which it has customers to appoint its DP representative. It will need to balance the attractiveness of the enforcement approach in that state with other factors.
  • Systems design Scenario: the architecture for a new IT system is under discussion between the CTO and CEO of a large EU business. To future-proof the system, the CTO must take into account the Regulation’s changes such as allowing consumer data to be permanently deleted (R2BF) and should ensure that all processing operations involving personal data are adequately documented.
  • Outsourcing agreements Scenario: a five-year outsourcing contract involving data processing is under negotiation. The deal will be signed this year, well before the impact day of the Regulation, which will be some time in 2015. Because the processing will continue after impact day, the parties today need to anticipate in the agreement that their data protection obligations will change.

Please see here for our initial analysis of 10 potential practical impacts.”

PS – thanks for the feedback from some of my blog readers who travelled from  Paddington station today. You know who you are!
Filed under: Belgium, Data protection, EU, France, Germany, Government policy, Hardware, Outsourcing, Regulatory action, Services, Software, Spain, Technology, Telecoms, UK

Also posted on robbratby.com

Comments on this post

Add your comment

Your response to "New EU Data Protection Proposals: what you need to know":

Additional information

Because you are not logged in, we need you to complete the following additional fields.


Cancel
  1. No comments on this post yet

Cite or link to this post  Add your comment

Manage this post

About the author

User profile picture

Posted by
Rob Bratby
London

Bookmark this post

Change feature settings

Choose a feature level and image for this post

Feature image
Uploads should be PNG files measuring 337 x 138 pixels
Save Cancel

Post information

Posted 25 Jan 2012
Last edited 25 Jan 2012
Latest revision: 1

Sharing

  • Rob Bratby can edit
  • Anyone can comment

Categories:

  • No categories

Communities:

  • No communities

Tags:

  • No tags