Proposed new EU data protection law update

In June 2015 the EU Council, Parliament and Commission began negotiations with a timetable aimed at the adoption of a final proposal by the end of 2015 (and by implication the coming into force of the new law by the end of 2017).

Some of the key proposals are:

  • When consent is required to process personal data people must be asked to give it explicitly; it cannot be assumed. (Saying nothing is not the same thing as saying yes).
  • Data controllers must tell people without undue delay about data breaches that could adversely affect them.
  • Any ‘significant’ loss of unencrypted personal data must be notified to the ICO within 72 hours.
  • Processors must notify data controller immediately any data loss confirmed
  • The max fine available to the ICO to be increased to between 2% and 5% of turnover

NB: These are just some of the proposals under consideration.

Leave a Reply

Your email address will not be published. Required fields are marked *