Tuesday, 22 December 2015
EU Officials Agree on New Data Protection Rules
In a move likely to have a decisive impact on how consumer data is stored and used, EU officials have finally agreed on a new set of data protection rules that will apply to the entire 28-member European Union. The new regulations are designed to be a replacement for the patchwork of individual rules that now exist from one country to the next. Although the rules are not yet official, they are expected to go through the necessary channels in the European Parliament and member countries sometime this week.
News reports say the new rules will force companies to pay very close attention to how personal data is used. Any company found to be misusing personal data could be fined as much as 4% of global revenue upon conviction. The rules apply to any companies with European headquarters.
It is unclear how the rules define misuse of data, and that is a concern for many. The new law could potentially affect everything from the local data centre to the myriad of hosting companies offering services throughout Europe. Even companies offering managed IT services could find themselves in trouble by engaging in practices that may be marginal under the new rules.
Another key component of the rules is a provision that forces companies to report any and all data breaches, regardless of severity. Again, this will apply as much to the local data centre as it does to the large corporate IT department.
Last but by no means least, the rules codify the right to be forgotten across the entire European Union. Once the rules are official, companies will have to get explicit consent from customers to use their data for any purposes other than conducting business between them. They will also have to hire a data protection officer to make sure that all data protection rules are being adhered to.
It is not possible to enact rules of this nature without impacting business. In this case, some businesses will be more negatively affected than others. Small companies will face the worst of it, having to stretch budgets even further in order to hire data protection officers and develop policies and procedures for keeping data secure. Larger companies will face less of an impact on the implementation of policies and procedures, but they could be more heavily damaged by fines in the event of violations.
The good news for European consumers is that the new rules, if enforced properly, will guarantee greater data privacy in the long run. It may even slow down the race to find out who can use Big Data to the biggest advantage at the consumer level. It will have no effect on cyber criminals who are intent on stealing data regardless of any rules put in place.
It would appear as though the EU is on the verge of enacting significant changes in consumer data protection. Now let's see if the rest of the world follows.
Source: CBR – http://www.cbronline.com/news/verticals/public-sector/tech-companies-face-billions-in-fines-under-new-eu-data-protection-laws-4754835