EU votes for new data-protection rules

Four years of negotiation results in expanded right to be forgotten and more responsibilities for organisations.


The new legislation on data protection aims to give people more control over their personal information. Companies could face massive fines for breaching the new law.

Implications for businesses

The regulation means organisations must notify users about how personal information is being collected, stored and shared.

  • Businesses handling large amounts of sensitive data, or monitoring consumer behaviour, must appoint a Data Protection Officer.
  • Data must be tracked in a way that can be audited.
  • Breaches must be reported within 72 hours.
  • Fines of up to 4% of global revenue can be imposed.

Implications for individuals

  • The right to be forgotten means we can now ask organisations to delete our data, and they should comply provided there is no legitimate reason for them to retain it.
  • The legislation should mean that individuals can ‘transfer’ their data between providers.

The new legislation applies to all organisations conducting business in Europe, regardless of where they are based.

Sources: Engadget; The Independent.