Earlier this week, the European Council reached a general approach on regulation for Data Protection, bringing a complete overhaul of EU Data Protection law a step closer.
Before the proposed regulation becomes law, the approach will be debated by the European Parliament, the European Commission and the European Council.
If made law as they stand, there would be significant implications for businesses operating in or with companies in the EU. Described as “rules adapted to the digital era” by the European Council, they could be agreed as soon as the end of this year, so it’s not too early to start considering how they could affect you:
One-stop-shop approach
While currently there are independent watchdogs responsible for regulating data privacy in each member state of the EU, the new approach would standardise rules across the EU – in theory, simplifying doing business in the EU.
This would mean that companies within the EU, or those doing business with them, would have to refer to one single unified data protection authority and data privacy regulation.
What this means for your business: the change in the law is expected fairly soon, so now is the time to start planning for a potential overhaul of your own data protection policies with a view to complying with the new EU legislation.
Increased consumer protection
The new proposals include strict regulation around the collection and use of personal data, essentially giving more control and rights to individuals where their data is concerned.
This would include making it easier for consumers to access their data, the ability to remove data from companies’ databases (the ‘right to be forgotten’) or easily transfer data between companies.
What this means for your business: when collecting any data about consumers or staff, businesses will need to be increasingly transparent about what that data will be used for. The regulation also refers to ‘unambiguous consent’, which will affect every point at which a business collects customer data.
Security measures
With proposed fines of up to €1m or 2% of global annual turnover, the turnover-based figure for a large corporation could far exceed the €1m cap, so businesses will face increased pressure to implement appropriate security measures.
As well as the increased fines, data controllers would be responsible for notifying the individuals affected by a data breach, giving consumers whose data is compromised a chance to protect themselves.
What this means for your business: potentially huge fines for breaches, and additional requirements around data privacy are likely to increase the required investment in data protection for all businesses.
Data protection expertise
Our Compliance Essentials eLearning Suite includes a number of modules related to Data Protection which are aligned with the latest regulation. As the EU Data Protection law evolves, so too will our eLearning courses.
Implementing a programme of eLearning as part of your Data Protection policy ensures your staff have access to training on the latest legislation, minimising the risk of data breaches and of fines resulting from non-compliance.