Clear sky
26 °C
Germantown, Maryland
Clear sky

Tue Sep 18 2018
none

EUROPEAN DATA LAW TO HIT CLOSE TO HOME

10-05-2018
by 
in 

As if the latest Australian data security legislation wasn’t enough to get your head around, it now seems that we all need to look to Europe and take note of the EU’s new General Data Protection Regulation, or GDPR, which comes into force on 25th May.

If there’s one thing that the European Union does well, it’s framing laws, and the GDPR is probably the most comprehensive piece of data security legislation the world has ever seen. And as it is a “regulation” rather than a “directive” it will immediately become law in all member states on 25th May, rather than needing enactment in each member state.

The GDPR replaces Directive 95/46/EC, which was enacted more or less intact by all member states in 1995.

And while the main principles on privacy are still the same, the new regulations are framed for the modern world – bearing in mind that in 1995 social media and cloud storage did not exist and only about 1% of the European population was using the Internet.

In case you’re wondering what this has to do with Australia, the GDPR will not only apply to organisations located within the EU but also to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU residents (or “data subjects” as defined in the regulation).

So it applies to all companies processing and holding the personal data of European Union residents, regardless of the company’s location – and regardless of the location of the data (so the cloud is not a get-out clause!).

Among a raft of additions to the previous directive, the regulation also greatly strengthens the rights of the “data subject” in terms of access to any data held and in the right to be “forgotten” – effectively to have all data removed from any given database.

Perhaps the biggest change is in the penalties that can be enforced, with the potential for organisations to be fined up to 4% of their global turnover (or Eur20 million) for the most serious breaches.

While it will be interesting to see whether the EU will be able to enforce such penalties on companies that operate outside its jurisdiction, organisations worldwide should pay heed to the requirements of the GDPR.

The scope and framing of the legislation really do provide a framework that should be viewed as “world’s best practice” for data security.

Related news & editorials

  1. 13.09.2018
    13.09.2018
    by      In
    I was intrigued to hear of a study released this week from the University of Waterloo in Canada that concluded that companies should avoid scheduling important work tasks immediately following an election.
    Psychologists from the university surveyed a sample of American voters, asking them to rate... Read More
  2. 08.08.2018
    08.08.2018
    by      In
    When Donald Trump withdrew the USA from the Paris Accord on Climate Change, he gave climate change sceptics around the world a barrage of ammunition with which to derail their own national initiatives. And yet the ammunition remains unfired.
    The remainder of the world remains on track to meet (or... Read More
  3. 07.06.2018
    07.06.2018
    by      In
    Regardless of where you were born, chances are that your youth was punctuated with vacations by the sea and the odd cooling dip in the ocean. Admittedly for those of us from cooler northern climes, these were probably limited to the one month a year that might approximate to summer, but the idea is... Read More
  4. 08.05.2018
    08.05.2018
    by      In
    Depending on your age and where you were brought up, chances are that you might have made a bit of pocket money as a kid from foraging and redeeming glass bottles.
    This early form of recycling – long before local councils got in on the act – funded many a bag of lollies at the convenience store.... Read More