Over the next 18 months, European Union legislators are seeking to simplify the EU Data Protection Directive to provide businesses operating within the EU with a single law and a unified data protection authority.
Proposed changes to the existing Data Protection Directive aim to unify the existing legislation of each EU Member State, theoretically making it easier for businesses to transfer data throughout the EU and beyond.
The principal changes to the existing EU directive focus on data privacy, which may significantly impact the commercial use of social media by placing greater emphasis on data ownership.
The directive clearly places control of data in the hands of individuals to foster a greater sense of trust with customers through transparent data processing.
So what are the top five things UK businesses should be doing to ensure they are able to comply by the time the new regime is enforced in 2014/5? UK businesses must:
- Appoint a data protection officer (if they have more than 250 employees);
- Obtain explicit consent from individuals and detail how this information will be used by them and any third parties;
- Review their existing data protection policies and practices and ensure they are compliant with the new directive;
- Ensure their staff are fully aware of the implications of these changes and are trained in the application of any new policies;
- Make sure their processes enable them to inform authorities about data breaches as early as possible – "if feasible within 24 hours".
Phillip Webb is the chairman of the BCS Government Relations Group