You may have seen in the news recently that the European Union is undergoing its first major overhaul of data protection and privacy reforms since 1995. But what will these mean for you and I? In short:
- Organisations must notify regulators of any data breach within 24 hours. Failure to protect your data will hit a business where it hurts - the wallet - in the form of a potential fine of up to two per cent of its annual global turnover
- Companies will be held accountable to a single European authority to ensure your rights are better protected
- You will have a legal 'right to be forgotten' - you can ask an organisation you've dealt with to delete all record of your relationship permanently
- All internet companies will be required to obtain your consent if they want to process your data and will have to make sure any terms of service are completely understood.
In updating this legislation, European law is embracing the evolution of the digital age and what this means for us as consumers. With information increasingly being exchanged between businesses in digital formats, it will be your right to know where your information is being held, and by who. Do you know who holds what potentially personal information now? The organisations you interact with are responsible for understanding what information they have on you already, but more must be done to manage it confidently and securely, to better protect your privacy.
The latest ruling from the European Union Court of Justice that Google must amend some search results at people's requests has shown that the EU is already taking the new 'right to be forgotten' incredibly seriously on our behalf, and will not be afraid to crackdown on companies who are not able to follow our requests to delete any information they hold.
We need only look across to Europe to find examples of good practice. In Germany, for example, organisations are already legally obliged to make a member of staff responsible for data protection, and to ensure compliance in line with national laws. The biggest challenge for the EU now will be to get all countries to match this standard, and businesses have a two-year countdown to ensure they are up-to-scratch.
It is time for those who handle our information to take note, and really understand what needs to be done to keep it secure.