Big Changes Expected In European Privacy and Data Protection

Iron Mountain: 24 January 2012 (Technical Article)

Iron Mountain is advising businesses to prepare for new privacy and data protection regulations coming out of the European Union, to avoid problems later.
Proposals for more stringent European data protection legislation will compel businesses across Europe to bolster their information management practices, says Iron Mountain ahead of European Privacy and Data Protection Day (EPDP). Held this year on Friday 28 January, EPDP aims to raise awareness of data protection issues and recommend good practice to organisations that handle personal data on a day-to-day basis.

The new legislation will replace the EU Data Protection Directive 95/46, an important component of EU privacy and human rights law, under which companies have been operating for 13 years. It is anticipated that the new legislation will reduce bureaucratic compliance requirements for many companies. However, it is likely to impose a greater responsibility on organisations to protect against, acknowledge and report data breaches. In addition the regulation will introduce stiffer penalties for companies that fall short of the legal requirements.

Christian Toon, head of information security for Iron Mountain Europe, believes that the proposed regulation is good news in many respects for customers and should galvanise businesses to take a more critical review of their existing information management and security policies.

“Many businesses of all sizes are falling short of what is required to manage information responsibly,” says Toon. “In today’s increasingly scrutinised business environment, the lack of a solid and legally compliant information management policy is inexcusable. Regardless of turnover, sector or country of operation, making sure that employee and customer information is protected should be common practice, not a reaction to new legislation. Organisations unsure of where to start should look at the ISO 27002[1] recommendations.”

The draft EU proposal, leaked late last year, outlines three main requirements that would, if incorporated into the final regulation, have far-reaching impact on the way many European businesses operate. The controversial proposal is provoking considerable discussion within the EU. The main requirements included in the leaked draft are:

1. The mandatory notification of data breaches. This recommends that both the relevant Data Protection Authorities (DPAs) and all affected individuals have to be notified within 24 hours of a data security breach, including unauthorised destruction or loss. The data protection authorities must be notified even in the absence of any risk of harm to data.

“A big question is whether the business community will be willing or able to police itself,” comments Toon. “If it can’t, businesses could find themselves exposed to regular reviews by official regulatory bodies. The definition of a ‘breach’ will also have to be made clear. Will it depend on the number of records or documents exposed, for example, or on the type of information leaked? Organisations should prepare for both of these options.”

2. A requirement for named data protection officers. Data protection officers would be obligatory for all public sector organisations and all companies with more than 250 employees.

“This could incur costs that have not been accounted for, so it would be beneficial for a business to consider this before the legislation comes into effect,” advises Toon. “Having a named data protection officer is already mandatory in Germany. For many businesses, it may be possible to add a new responsibility to the remit of an appropriately skilled employee. Having a specific person to deal with data protection is good practice anyway, and businesses should not wait for official legislation to bring this into effect.”

3. Significantly increased fines. Under the proposed legislation, regulatory authorities would have powers to impose fines of up to one million Euros or, in the case of an enterprise, up to five per cent of annual worldwide revenue for failures to comply with the regulation.

“Five per cent of worldwide turnover is a huge and potentially devastating sum for most businesses,” says Toon. “That the EU is prepared to authorise this level of punishment highlights just how seriously data protection is taken. Companies needn’t be scared, just prepared. Having plans for storing and accessing records, and training employees on those plans, are great first steps towards doing the right thing and, maybe soon, the legal thing.”