New EU Data Protection Proposals: what you need to know


Today’s blog post is courtesy of my friends and colleagues Clive Gringras and Claire Walker who have published a helpful guide to the new European Data Protection proposals.

“Today, 25 January 2012, the European Commission unveiled its proposals for far reaching changes to EU privacy legislation.

We foresee the Regulation being in force by 2015. Every aspect of an organisation’s compliance obligations will increase – and there will be fines of up to 2% of global turnover for breach. We highlight the top three immediate action points to consider. We also provide seven further action points to address in the months ahead.

Three immediate impacts

  • Non EU businesses need to select an EU Member State Scenario: a large Asian company holds personal data on Asian servers about its many EU customers. It has purposely not established a presence in the EU but will now need to decide which of the EU Member States in which it has customers to appoint its DP representative. It will need to balance the attractiveness of the enforcement approach in that state with other factors.
  • Systems design Scenario: the architecture for a new IT system is under discussion between the CTO and CEO of a large EU business. To future-proof the system, the CTO must take into account the Regulation’s changes such as allowing consumer data to be permanently deleted (R2BF) and should ensure that all processing operations involving personal data are adequately documented.
  • Outsourcing agreements Scenario: a five-year outsourcing contract involving data processing is under negotiation. The deal will be signed this year, well before the impact day of the Regulation, which will be some time in 2015. Because the processing will continue after impact day, the parties today need to anticipate in the agreement that their data protection obligations will change.

Please see here for our initial analysis of 10 potential practical impacts.”

PS – thanks for the feedback from some of my blog readers who travelled from  Paddington station today. You know who you are!

About Rob Bratby

Telecommunications, media and technology lawyer advising companies across Europe and Asia
This entry was posted in Belgium, EU, France, Germany, Government policy, Hardware, Outsourcing, Regulatory action, Services, Software, Spain, Technology, Telecoms, UK. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s