THE EU’S parliamentary body has pushed through data protection reform that could end up costing businesses millions of pounds.
The General Data Protection Regulation (GDPR) was approved by the European Parliament last week, and gives EU citizens greater control over how their personal data is stockpiled by companies.
Fierce European ‘yes’
Several provisions have been included within the rules for European citizens and businesses, including a right to be forgotten for individuals, a right to transfer your data to another service provider and the right to know when your data has been hacked.
“This is a great success for the European Parliament and a fierce European ‘yes’ to strong consumer rights and competition in the digital age,” said Jan Philipp Albrecht, member of the Greens/European Free Alliance, who steered the legislation through parliament.
“The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition,” he added.
‘Firms will need to take time to plan’
In a blow to international businesses, the regulation also implements ‘stronger enforcement’ against companies which holds Europeans’ data, applying fines of up to 4% of firms’ total worldwide annual turnover, or €20m (£15m) as a deterrent to breaking the rules.
The provisions will be directly applicable in all member states two years after the new rules are published in the EU Official Journal.
Due to the UK and Ireland’s special status regarding justice and home affairs legislation, the directive’s provisions will only apply in these countries to a limited extent.
“The data protection impact assessments will require companies to formalise their documentation showing exactly what they are doing with customer data and who can access it,” says Sachiko Scheuing, european privacy officer at Acxiom.
“If not in terms of budgetary investment, firms will need to take time to plan for this major initiative.”
Alex Traill, professional indemnity partner at risk and insurance law business BLM, previously warned of the risks posed to FD’s by the EU’s data protection rules