European Data Protection Reform – How to minimize impact and costs

If your company touches any Europeans’ data, you’d better prepare for what’s coming.


The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns about some controversial aspects of the incoming law, which introduces bigger fines, 24-hour breach disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data of data subjects in the EU even if the controller or processor of that data is not established in the EU. U.S. companies, with or without operations in the EU, that fail to comply with the new rules face fines of up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization once the regulation is enforced.

 

How to minimize impact and costs of the new regulation

Like any other company processing the personal data of European consumers, U.S. organizations should not content themselves with merely avoiding administrative fines. Ideally, companies should embed personal data protection and information security into their business models and processes as inherent parts of the company’s culture, products and services.

In doing so, U.S. companies can benefit from a uniform regulatory framework that saves significant costs compared to the patchwork of 28 national data protection rules. Personal data is becoming the new currency of the information age. The EU regulation mandates the implementation of data protection “by design” and “by default”. Companies should look at these new rules as an effective way to gain consumers’ trust and to establish a competitive edge in the ever-evolving internet markets. The best way to minimize the inherent costs of the new legal framework is to implement structured processes that make compliance fail-safe and that greatly reduce the need for short-lived troubleshooting and undesirable – and expensive – disclosures of data breaches.

In Snead’s view, “U.S. companies are not doing themselves any favors by ignoring this law or by ignoring the proposals”. According to Snead, it is important for IT professionals to follow what is going on in the EU with regard to privacy for two reasons. One is that the EU is the largest non-U.S. market: sooner or later you are likely going to have to comply with these laws. The second is that what is going on in the EU with regard to privacy reflects what is going on globally, including in the U.S. It reflects the fact that consumers and businesses want more control of their data. They want more certainty about what is going to happen to their data. The European Union is responding to that concern. However, it is not an EU-only concern; it is a global concern. Paying attention to what’s going on in the EU and beginning to prepare for it is going to put organizations that follow this issue ahead. “It’s going to allow them to create compliance strategies that are well thought out and implementable as opposed to compliance strategies that they have to implement 10 minutes after they get a customer,” concludes Snead.

In conclusion, Balboni observes that the “EU, U.S., Canada and numerous other jurisdictions of the Asian and Pacific Economic Cooperation (APEC) still have a number of commonalities. The bottom line is that there is a global common denominator [with regard to personal data protection]. It’s the principle of accountability. If you start implementing this principle in your organization, then you’ll be ready to transition to the new general data protection regulation in Europe.”

 



CREDITS

 

Dr. Andreas Leupold LL.M.

IT-Law, Outsourcing, Cloud Computing, Data Protection & Data Security.

Munich, Germany

 

David Snead

Internet Attorney and co-founder of Internet Infrastructure Coalition

Washington D.C. Metro Area

 

Paolo Balboni

Founding Partner at ICT Legal Consulting

Milan Area, Italy

 

European Data Protection Reform – How to prepare for what is coming


How to prepare for what is coming

U.S. companies that market goods and services to European consumers should not wait for the regulation to enter into force. You should act promptly to avoid the disruptions and the liability that result from a late implementation of these new rules.

At a minimum, your checklist should include:

European Data Protection Reform – Should you worry yet?


 

Should you worry yet?

According to Viviane Reding, EU Justice Commissioner, the European bodies are fully committed to passing this legislation by the end of the year. However, the experts are skeptical about a swift approval by the Council of Ministers of the EU member states.

European Data Protection Reform – The Enforced Data Privacy Officer


 

The enforced Data Privacy Officer – revenue generation for lawyers?

For private legal entities, the obligation set forth in Art. 35 of the regulation to designate a Data Privacy Officer (DPO) only applies to the processing of personal data that affects large numbers of individuals (≥ 5000 data subjects in 12 months), to the regular and systematic monitoring of data subjects, or to the processing of special categories of data, location data or children’s data in large-scale filing systems.

European Data Protection Reform – 24 hour disclosure or undue delay?


 

24 hour disclosure or undue delay?

The new regulation establishes the consumer’s right to know when their data has been “hacked”. Companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible, if feasible within 24 hours, so that users can take appropriate measures.

European Data Protection Reform – The 100 Million Euro Fine


 

The 100 million euro fine: outrageous sanctions set a disturbing precedent.

Under the current national European data protection laws enacted or amended in the wake of Directive 95/46/EC, administrative fines are rather limited – i.e. in Germany the maximum fine is €300,000 – and rarely imposed at all. The new regulation entails a paradigm change in that it introduces substantial sanctions for non-compliance with the new rules.

European Data Protection Reform – What you should know.


 

EU regulation vs. U.S. laws: a matter of cultural bias?

The consolidated version of the EU Commission’s proposal for a General Data Protection Regulation following the LIBE Committee vote of October 21, 2013 differs fundamentally from the U.S. approach to the protection of personal data. “Whether one approach is better than the other is a question of data protection culture. You might think that these are two extremes. On the one hand you have very restrictive regulation with higher fines, which are in my opinion over the top. On the other hand, there is so much leeway under the U.S. data protection laws that you can do almost anything as long as it’s not specifically prohibited,” observes Andreas Leupold, the German IT attorney and recipient of the “Lawyer of The Year 2013” award, who advises clients across Germany, England and the U.S.


Mobile Security: iOS Jailbreaks Pose Risks

Jailbreaking is happening in the millions: don’t turn a blind eye.



The latest jailbreak for iOS 6.1, released on 4 February, was downloaded by a whopping 5 million users in the first 48 hours alone, according to the website stats posted by Cyril (a.k.a. pod2g), the developer of the latest hack published on evasi0n.com. During these first two days, the websites served 40 million page views, of which a good 50 per cent went to 2.5 million unique visitors from the U.S.


Icebergs, The Nordics, and Other BYOD Considerations

New data shows that companies are increasingly exposed to security risks due to a variety of consumer-grade technology brought in by the employees.


I just returned from a tour in the Nordic countries where I presented to the local press the results of the latest BYOD survey* conducted by YouGov on behalf of Trend Micro. The data collected from 3,012 interviews across Norway, Sweden, and Denmark highlights many details of this controversial IT trend. Most importantly, the research confirms an undeniable truth: companies around the world are exposed to increasing security risks due to a variety of consumer-grade technology brought into the enterprise by the employees and inevitably used for work-related activities.


The Financial Impact of Consumerization – The Hidden Costs

Executives and IT leaders are struggling to understand the true costs and benefits of IT consumerization, and it’s not difficult to see why. Even a cursory Google search on the subject throws up as many questions as it does conflicting answers. The reason is that no comprehensive research has been conducted into the financial impact of such programs before.

That’s why Trend Micro recently decided to take the bull by the horns and commission Forrester Consulting to conduct a rigorous, scientific study – interviewing over 200 IT leaders in the US, UK, France, and Germany. With the results we have begun to build an accurate picture for the first time of what organizations are measuring in their BYOD programs and the cost impacts, in order that IT leaders can go away and begin to formulate for themselves an effective cost benefit analysis.

