It seems that the data security landscape is constantly changing. Every day, new threats arise and fresh best practices emerge to keep companies at the forefront of protecting sensitive information. PKWARE’s staff of experts in data security share their thoughts in our blog, highlighting the most current topics on data security, management, and reduction. Check back frequently and join the conversation.

Committee Proposes EU Data Protection Reforms

Posted in Compliance

Last week the European Commission said that it would welcome the adoption of the European Parliament's Legal Affairs Committee's proposal for a Data Protection Regulation. This would reform the EU's data protection rules, which currently date back to 1995. The recommendations for improving digital information practices will be submitted to the Civil Liberties, Justice and Home Affairs Committee to be voted on in the spring.

"Today's votes by the European Parliament's Legal Affairs Committee take us another step towards the swift adoption of a modern data protection reform in Europe," said Vice-President Viviane Reding, the EU's Justice Commissioner. "All the elements are falling into place to make decisive political progress on this critical dossier in the months to come. What we need for Europe is a deal that is good for citizens and that is good for business."

Data reform recommendations
The core elements of the data protection reform include:

  • Replace the 1995 Data Protection Directive with a single set of rules governing data protection across the EU. This standardization would eliminate unnecessary requirements and could save businesses as much as 2.3 billion euros annually.
  • Maintain a broad definition of "personal data" that would continue to protect a wide range of information now and in the future.
  • Require explicit consent before personal data can be processed. Consent cannot be presumed.
  • Introduce a "one-stop shop" for companies that operate in more than one EU country to make it easier for them to deal with regulators. In the future, this would mean companies would only have to deal with authorities in the country where they are headquartered. Currently, some companies deal with 27 or more different regulatory organizations.
  • Refine the scope of the Data Protection Law Enforcement Directive so that there are general data protection policies for police and judicial authorities investigating crimes. Rules would apply to domestic processing as well as cross-border transfer of data. The aim would be to enhance trust and collaboration between law enforcement officials.

Additionally, the Commission plans to propose the "right to be forgotten," which would require companies to delete personal data on request. This would not apply to healthcare information.

While it is not yet clear what data security practices will be required to meet these reforms, it is likely that government regulations will ask companies to use better and more consistent practices. This may include data encryption, so that information is secured while at rest and while being shared with other organizations. Placing an increased emphasis on the security of personal data will no doubt lead to companies taking even more steps to ensure customer data remains secure.
