The European Union recently released a set of draft recommendations for a major update to the current privacy framework that underpins Directive 95/46/EC. The changes would introduce a single set of rules on data protection, valid across the EU. The proposed changes give individuals more control over their personal information and would have a significant impact on any organization that processes data on EU citizens.
The report, entitled “Safeguarding Privacy in a Connected World: A European Data Protection Framework for the 21st Century”, comes after a new study on attitudes toward data protection indicated growing concern over data privacy among the citizens of EU countries.
Some highlights of the guidance include:
- Breach Responsibility and Accountability: Companies would have to notify their clients of any theft or accidental release of personal data.
- Explicit Consent: Individuals would need to give explicit consent before a company reuses their personal data. People would also have access to their own private data and be able to transfer it to another service provider more easily.
- List Removal: The update enforces the ‘right to be forgotten’, under which people will be able to have their personal data deleted if a business or other organization has no legitimate reasons for keeping it.
- International Scope: The updates apply EU rules when personal data is processed outside Europe. People would be able to involve the national data protection authority in their country, even when their data is processed by a company based outside the EU.
Organizations concerned with compliance must consider updating their information security and data privacy policies.