EU Data Protection: What do the new rules mean?

9th Feb 2016

In January 2012, the European Commission proposed a comprehensive reform of the data protection rules in the EU. The completion of this reform was a policy priority for 2015.

Finally, January 2016 saw the European Parliament and Council agree on the wording that will make up the revised data protection rules in the EU.

The objective of this new set of rules is to ensure that citizens have control over their personal data and to simplify the regulatory requirements for businesses. The reform will enable European citizens and businesses to benefit from the digital economy.

When you open a bank account, join a social networking site or book flights online, you are effectively handing over vital personal information that includes your name, address and credit card details.

What happens to this data, and what if it falls into the wrong hands?

More importantly, what rights do you have regarding your personal information?

What do the reformed data protection rules say?

  1. Consent - in order to communicate with individuals, companies must gain absolute consent that is neither misleading nor ambiguous; in other words, the request must be written in plain English so that individuals can choose. Companies must be very clear and provide specific information on how they will manage consumers' personal data and what will be done with it. Consent can be given orally, in writing or in any other suitable form, but companies must not deceive individuals as to how their data will be used.
  2. Direct marketing will now be seen as a legitimate interest. The processing of personal information for marketing purposes is considered legitimate, making direct marketing permissible. This means that direct marketing is considered a necessary process in the development of future and existing customer relationships. The caveat is that if a company uses the pretext of 'legitimate interest' each time it contacts a customer, then the value of the relationship must be questioned.
  3. Right to be forgotten - the revised text of the rules gives data subjects the "right to obtain erasure when a data subject objects to the processing of personal data". This gives the consumer the right to opt out of any processing of their personal information, including profiling, at any time and free of charge. When an individual chooses to opt out, they can no longer be contacted for marketing purposes. This right to opt out must be brought to the attention of the individual in the first communication between the organisation and the consumer, and must be present on all communications. Unsubscribe/opt-out language will need to be simplified and unambiguous to allow consumers to choose.
  4. Data protection officer. For companies that breach the new rules, fines could be as much as 4% of global turnover. The rules suggest that organisations may need to consider appointing a dedicated data protection officer to ensure that the company is compliant. In businesses that are responsible for processing large volumes of data, this will be mandatory.

What happens next?

These rule changes represent a step forward, but the reform is by no means complete and the draft may well be revised. The rules will be put to a vote by the whole of the EU Parliament in the forthcoming months, after which member states will have two years to ensure the regulations are incorporated into their own national laws.

Whether this initial reform of the rules represents a big step forward remains to be seen, and the above rules to a large extent already apply, particularly with the opt-in/opt-out required for email marketing.

The change in the rules recognises the fact that masses of data are being processed, stored and interrogated daily, and that we, as consumers, have the right to understand what organisations are doing with our data and what safeguards they have in place to ensure protection of this vital information.

Replies (2)


Locutus of Borg
By Locutus
09th Feb 2016 16:37

All this won't matter ...
... If we leave the EU.

Thanks (0)
Replying to RetiredTax:
By The Outsourcing Pro
15th Feb 2016 13:13

EU data

Thanks for dropping by and for your comment. Yep, I couldn't agree more: if we vote to leave the EU, all of this will be superfluous. Although Cameron may think he scored a better deal for us following recent events, he hasn't, and I think the public will exercise their final say. We shall see.

Thanks (0)