European Data Protection Reform – How to prepare for what is coming

If your company touches any Europeans’ data you’d better prepare for what’s coming.

The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns with regard to some controversial aspects of the incoming laws, which introduce bigger fines, 24 hour disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data pertaining to data subjects in the EU even if the controller or processor of such data is not established in the EU. U.S. companies with or without operations in the EU that fail to comply with the new rules can trigger fines up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization when the regulation is enforced.

How to prepare for what is coming

U.S. companies who market goods and services to European consumers should not wait for the regulation to enter into force. You should act promptly to avoid the disruptions and the liability resulting from an untimely implementation of these new rules.

At a minimum, your checklist should include: Read more of this post

European Data Protection Reform – Should you worry yet?

If your company touches any Europeans’ data you’d better prepare for what’s coming.

The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns with regard to some controversial aspects of the incoming laws, which introduce bigger fines, 24 hour disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data pertaining to data subjects in the EU even if the controller or processor of such data is not established in the EU. U.S. companies with or without operations in the EU that fail to comply with the new rules can trigger fines up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization when the regulation is enforced.

Should you worry yet?

According to Viviane Reding, EU Justice Commissioner, there is a full commitment of the European bodies to pass this legislation by the end of the year. However, the experts are skeptical with regard to a swift approval by the council of ministers of the EU member states. Read more of this post

European Data Protection Reform – The Enforced Data Privacy Officer

If your company touches any Europeans’ data you’d better prepare for what’s coming.

The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns with regard to some controversial aspects of the incoming laws, which introduce bigger fines, 24 hour disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data pertaining to data subjects in the EU even if the controller or processor of such data is not established in the EU. U.S. companies with or without operations in the EU that fail to comply with the new rules can trigger fines up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization when the regulation is enforced.

The enforced Data Privacy Officer – revenue generation for lawyers?

For private legal entities, the obligation set forth in Art. 35 of the regulation to designate a Data Privacy Officer (DPO) only applies to the processing of personal data that affects large amounts of individuals (≥ 5000 data subjects in 12 months) or regular and systematic monitoring of data subjects or the processing of special categories of data, location data or children´s data in large scale filing systems. Read more of this post

European Data Protection Reform – 24 hour disclosure or undue delay?

If your company touches any Europeans’ data you’d better prepare for what’s coming.

The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns with regard to some controversial aspects of the incoming laws, which introduce bigger fines, 24 hour disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data pertaining to data subjects in the EU even if the controller or processor of such data is not established in the EU. U.S. companies with or without operations in the EU that fail to comply with the new rules can trigger fines up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization when the regulation is enforced.

24 hour disclosure or undue delay?

The new regulation establishes the consumer right to know when their data has been “hacked”. Companies and organizations must notify the national supervisory authority of serious data breaches as soon as possible, if feasible within 24 hours, so that users can take appropriate measures. Read more of this post

European Data Protection Reform – The 100 Million Euro Fine

If your company touches any Europeans’ data you’d better prepare for what’s coming.

The EU data protection reform is steadily moving forward. On March 12, 2014, the European Parliament adopted the current proposal in its first reading. The new regulation is intended to strengthen consumer privacy rights and to boost Europe’s digital economy. However, many experts across the Atlantic have expressed deep concerns with regard to some controversial aspects of the incoming laws, which introduce bigger fines, 24 hour disclosure and the enforced Data Privacy Officer. The proposed regulation applies to the processing of personal data pertaining to data subjects in the EU even if the controller or processor of such data is not established in the EU. U.S. companies with or without operations in the EU that fail to comply with the new rules can trigger fines up to €100 million. If your company touches any Europeans’ data, you’d better prepare for what’s coming and know what to do to minimize the impact on your organization when the regulation is enforced.

The 100 million euro fine: outrageous sanctions set a disturbing precedent.

Under the current national European data protection laws enacted or amended in the wake of Directive 95/46/EC, administrative fines are rather limited – i.e. in Germany the maximum fine is €300,000 – and rarely imposed at all. The new regulation entails a paradigm change in that it introduces substantial sanctions for non-compliance with the new rules. Read more of this post