A Quick Checklist for the New EU Data Protection Regulation
1. New Regulation. A new EU Data Protection Regulation is being considered by the European Council, with adoption expected in late 2014 or early 2015, and full implementation by 2016. The New Regulation would mean a modernised and streamlined legislative framework across the EU, with hefty penalties for non-compliance.
2. Simplified Rules. The reforms aim to simplify the rules and allow for some exemptions for SMEs. The consistency of the new regime across the EU is expected to promote growth amongst SMEs, as it will be easier to establish branches in other Member States and remain compliant with data protection requirements.
3. The 8 Principles. The current Data Protection Act provides 8 principles which state, for example, that data shall be: processed fairly and lawfully; obtained only for a lawful purpose; adequate, relevant and not excessive to that purpose; accurate and kept only as long as necessary; and protected against unauthorised use.
4. Financial Penalties. Under the proposed reforms, the financial penalties include fines of up to €100 million or 5% of an enterprise’s annual global turnover (whichever is greater).
5. International Transfer of Data. The EU has arrangements in place with various territories or countries for data transfers, including many UK territories and Commonwealth countries. The EU and the USA have agreed a data transfer arrangement, called ‘Safe Harbour’, which is being revised in light of the NSA spying scandal.
6. Proactive Steps. Undertaking a data security review now could highlight present failings or weak spots which would cause significant problems or breaches under the DPA when the regulations come into effect. The Regulations, including the means and reasons for processing data, must be implemented into an enterprise’s operation by design and by default. This involves appropriate technical and organisational measures.
Identifying NOW how your data is treated in your business will put you in an advanced position not only to comply with the Regulation but also to protect your business.