New EU data protection law to arrive in 2015

The European Union has indicated that the widely-awaited General Data Protection Regulation (GDPR) will come to fruition before the end of the year.

The European Commission
The European Commission

In a lengthy blog post issued yesterday, which was the ninth European Data Protection Day, vice president Andrus Ansip and Commissioner Vera Jourova said that the reforms would bring EU's data protection practices into the modern era.

“Citizens and businesses are waiting for the modernisation of data protection rules to catch up with the digital age,” they said in a statement. “New technologies are emerging fast and have enormous potential for our society and economy. This potential can only be fully realised if people can trust the way their personal data is used. Ensuring trust will allow the European Digital Single Market to live up to its full potential. EU data protection reform, which will cut red tape for business and ensure a single set of rules, is part of the solution.”

“EU Data Protection reform also includes new rules for police and criminal justice authorities when they exchange data across the EU. This is very timely, not least in light of the recent terrorist attacks in Paris. There is need to continue and to intensify our law enforcement cooperation. Robust data protection rules will foster more effective cooperation based on mutual trust.

“We must conclude the on-going negotiations on the data protection reform before the end of this year. By the 10th European Data Protection Day, we are confident that we will be able to say that the EU remains the global gold standard in the protection of personal data".

Stewart Room, privacy lawyer and partner at PwC, said in an email to SCMagazineUK.com that the news is encouraging, and urged businesses to get compliant.

“The joint statement expresses confidence and optimism that the EU data protection reform process will be completed by the time we reach the next Data Protection Day in 2016.  Of course, nothing is guaranteed, because the completion of the reforms requires the agreement of all the EU member states, but it does seem that the confidence and optimism is well placed: the reform process is much closer to its end than its beginning,” said Room.

“Clearly, businesses need to take action now, to assess the extent to which they may need to make adjustments to their business practices to meet the requirements of the new law.  They shouldn't leave this analysis until the political negotiations are complete, because they won't have enough time to make the required adjustments by the time the law actually comes into effect. 

Alessandro Porro, VP of international at Ipswitch, agreed with Room that IT and IT security professionals need to review the impending legislation, and adapt their businesses accordingly.

“GDPR includes an obligation to protect personal data across the border-less enterprise. IT professionals should review and bolster their data processing policies and practices now, before the regulation comes into effect.  

Page 1 of 2