Businesses operating within the European Union are not the only ones that need to be concerned with the upcoming EU Data Protection Regulations. These regulations will also apply to companies outside this region that deal with data on organizations or citizens residing within the EU. What are these regulations? When are they expected to be put into law? Most importantly, how can you assure that your business is ready to comply?
What the EU Data Protection Regulations Are
Currently, all of the individual nations that make up the EU are responsible for passing and enforcing their own laws regarding data protection. Not only does this mean that all 28 countries have a completely different set of laws, all enforced differently, but many of these laws were created before the latest technological advancements were made, particularly cloud computing and mobile technologies.
The EU Compliance Regulations are designed to put the entire EU under a consistent, cohesive set of laws, and to address the newest technologies largely unregulated by current national laws. It is worth noting that this is a regulation, not a directive. Directives set goals that all 28 countries must achieve, but it is up to each country to decide how to meet those goals. Regulations, on the other hand, establish binding legislation that must be accomplished by all 28 nations.
The Data Protection Regulations require that organizations holding sensitive data on private citizens must demonstrate how that data is handled within the organization across its lifecycle, and prove that they have taken measures to protect it from anyone without a lawful reason to access it. Additionally, the regulations require that both the authorities and the affected individuals are notified in a timely manner if the data is compromised.
What the EU Data Protection Regulations Mean to Organizations
The regulations will place a different burden on organizations holding or working with sensitive data. Companies will have to manage the flow of data across its lifespan, and use particular caution when delegating the storage, analysis, or handling of data to third parties (such as when contracting with a cloud service provider).
They will also assign ownership of any risks associated with storing or handling sensitive data, and force organizations that encounter security failures to report to the authorities and to notify affected consumers. This will involve creating and implementing new processes to satisfy the regulations. Failure to comply with the regulations could result in a fine of €100,000 (which is equivalent to about £72,000,000 or $108,000,000).
The Timeline for Achieving EU Protection Regulation Compliance
Earlier reports predicted that the regulations would pass in the European Commission by 2014, but updated reports expect the regulations to pass within the next year. This would mean passing the legislation by the end of 2016, with enforcement to reach full effect within two years of signing the regulations into law.
In the meantime, it’s advisable for all EU organizations, as well as those who do business within that region, to carefully select data storage, analysis, and backup procedures that offer transparency and visibility of the data and its lifespan.
The post Is Your Business Up to the New EU Compliance Regulations? appeared first on BACKBOX BLOG.