A new European Union General Data Protection Regulation (GDPR) is being approved by the European Council of Ministers to replace the outdated 1995 directive. This new regulation was initially proposed in 2012 and drafted in January of this year, and is designed to regulate the progression of personal data within Europe. It is officially known as Directive 95/46/EC and is part of EU privacy and human rights law.
The aim of this directive is to harmonise the current data protection laws in all EU member states, and it will be directly applicable to all without any need for national implementations.
It is estimated that most companies are not aware of the requirements to comply with this new regulation. One of the requirements, according to networkworld.com (1), is that “it calls for businesses, regardless of whether they are EU-based or not, to appoint a so-called “Data Protection Officer” (DPO) if they sell goods and services or regularly monitor Europeans, or process data on them at certain levels.” In her article, Ellen goes on to say “The EU-envisioned DPO is supposed to be an expert in data-privacy law and must be given a highly independent position in the business reporting to the top level of management. Under the draft of the law, the DPO is envisioned as a four-year appointment who cannot be easily dismissed.”
Another requirement is that organisations will be expected to report a breach within 72 hours, and to give data owners the right to request a copy of the personal data they hold and the right to have personal data erased.
This new regulation will impose greater fines on organisations that break the laws regarding data protection.
For further information see:
1. networkworld.com, Does your business need a “Data Protection Officer?”, Ellen Messmer, Aug 8, 2014