UK businesses stand to benefit from understanding how they can prepare for potential EU data protection reforms. The EU is currently reviewing the European Data Protection framework in order to ensure that European law is fit for purpose for the digital era. In particular, officials will seek to safeguard individuals’ fundamental rights as their data is used in ever more diverse ways. Fines of up to 2% of global turnover are proposed for companies breaching the new legislation.
Although a tightening and strengthening of European data protection rules is firmly on the cards, the precise nature and extent of the changes are unknown. Some changes may, however, be inevitable, including more detailed record-keeping obligations for all organisations, compliance obligations imposed on data processors and mandatory privacy impact assessments.
Next steps for UK businesses
1. Make data protection and privacy a board-level issue: the sooner the issue is escalated, the more effectively you can respond, particularly as many of the proposed changes will take time to implement.
2. Become part of the political debate and get involved with the consultation around the proposals: the regulation is still being negotiated within the EU Parliament, and with UK businesses among those facing the biggest changes, UK participation is all-important.
3. Establish a data protection team tasked with understanding what’s allowed within the regulations and how to make the business compliant. It will be mandatory under the new regulation to have a dedicated Data Protection Officer.
The new legislation is likely to be agreed by the end of 2013. UK businesses cannot afford to ignore it.
CJAM will provide further updates as the reforms progress.