How firms can prepare for the new European data protection law changes
Jclarke
This week, the EU has updated its 19-year-old data protection laws, with stronger safeguards for citizens’ personal data. The new European data protection laws mean that companies found in breach of users’ personal data rights will risk fines of up to €100m.
How firms can prepare for the data protection changes
The DMA has issued some guidelines on how UK firms can prepare for the changes:
Be 100% compliant with existing DP legislation
A good place to start is ensuring that your organisation is compliant with the existing UK data protection law, something that the deputy Information Commissioner, David Smith, urged the industry to do at Data protection 2014 on Friday 7 March.
Plan for opt-in consent
While we don’t know for certain if opt-in consent will feature in the new Regulation, businesses need to think about how they would prepare for such a move in postal and telephone marketing. Businesses should think about how they obtain consent from consumers at the moment and whether consumers are aware of what they are consenting to.
Be ready for data breach notification requests
There will be a requirement for organisations to notify consumers and data protection authorities of data security breaches, so organisations should know which individuals they hold personal information about and where the personal information is kept. Organisations that have this information will find it easier to report data security breaches to individuals and data protection authorities.
Make data a priority
Organisations should also begin to think about building data protection into any developments at an early stage (privacy by design) and carrying out privacy impact assessments.
In a statement, the DMA said it will “continue its efforts to ensure that the final version of the Regulation contains a balanced approach between the interests of consumers and the industry and will update members on developments.”
Combemale added some final advice for businesses: “You can take action now to prepare for the changes by looking at your data privacy notices, checking that you have the proper permissions in place and by ensuring your business complies with existing data protection laws.”