
LARGEST REFORM OF DATA PROTECTION LEGISLATION IN 20 YEARS PUBLISHED 

Comment from media and intellectual property law firm Howard Kennedy.

The much anticipated reform of data protection legislation was yesterday (14th April) approved by the European Parliament.

Along with a new ‘right to be forgotten’, the General Data Protection Regulation seeks to bring greater accountability on organisations holding personal data, says law firm Howard Kennedy.

Robert Lands, Head of Intellectual Property at Howard Kennedy said: “The General Data Protection Regulation introduces new rights for individuals and considerably more onerous obligations for businesses.  Get it wrong and businesses could face a fine of four per cent of global turnover or 20 million Euros (whichever is the greater).”

The General Data Protection Regulation represents the largest reform of this area of legislation in more than 20 years.

The reform covers many areas, but the key changes are summarised below.
For individuals

  • A new right to be forgotten, known as the ‘right of erasure’;
  • A new right to data portability to enable people to switch service providers more easily; and
  • Enhanced rights to see information held by organisations.

For businesses

  • All data processors, not just data controllers, can now be held liable for mismanagement of data;
  • The regulations now extend to all businesses anywhere in the world if they handle data about EU citizens, not just businesses based in the EU;
  • Strict limits on automatic personal profiling of individuals;
  • More detailed notices to individuals now required;
  • New rules which apply to the processing of personal data relating to children;
  • Businesses will need to carry out regular privacy impact assessments;
  • Mandatory notification of data security breaches, within 72 hours of the breach; and
  • Mandatory data protection officers in larger companies.

Robert Lands offers this advice for businesses on what they need to consider to comply with the new regulations.

  • Audit current data protection practices for potential areas of non-compliance.  Pay particular attention to the following:
    • Look at how the data is gathered – do you have the right permissions?
    • What are individuals told about how the data is to be used, and how does that match with reality?
    • Who has access to the data, and how is it stored?
    • Is the data held entirely within the EU, and, if not, have international transfers been done lawfully?
    • To whom is the data disclosed and why?
  • Consider internal policies and systems to help deal with the new rights of individuals and the new obligation to report breaches.
  • Check contracts with IT suppliers and other companies which might process personal data on your behalf. Those contracts must contain clauses which deal specifically with personal data, limiting its use. Contracts should also contain an obligation on the supplier to immediately inform the client of any breach of security/loss or damage to the personal data.

Robert concludes: “This regulation fundamentally changes the way a business interacts, holds and uses data it collects on their customers and clients.  The message is also very clear that with this new regulation sits a desire to police more effectively the misuse of data.  With greatly increased fines, the potential increase in liability will be enormous.”