Security Think Tank: How to prepare for EU data protection rules (part 2)

Opinion


Over the next 18 months, European Union legislators are seeking to simplify the EU Data Protection Directive to provide businesses operating within the EU with a single law and a unified data protection authority. 

Proposed changes to the existing Data Protection Directive aim to unify the existing legislation of each EU Member State, theoretically making it easier for businesses to transfer data throughout the EU and beyond.

The principal changes to the existing EU directive focus on data privacy, which may significantly impact the commercial use of social media by placing greater emphasis on data ownership.

The directive clearly places control of data in the hands of individuals to foster a greater sense of trust with customers through transparent data processing.

So what are the top five things UK businesses should be doing to ensure they are able to comply by the time the new regime is enforced in 2014/5? UK businesses must:

  • Appoint a data protection officer (if they have more than 250 employees);
  • Obtain explicit consent from individuals and detail how this information will be used by them and any third parties;
  • Review their existing data protection policies and practices and ensure they are compliant with the new directive;
  • Ensure their staff are fully aware of the implications of these changes and are trained in the application of any new policies;
  • Make sure their processes enable them to inform authorities about data breaches as early as possible – "if feasible within 24 hours".

Phillip Webb is the chairman of the BCS Government Relations Group

Security Think Tank: How to prepare for EU data protection rules

Part 1 – Adrian Davis, Information Security Forum (ISF)


This was first published in March 2012

 
