What companies need to know about EU data protection regulation

April 2016
Powered by The Paypers | Regulatory requirements

On 14 April the EU adopted new legislation on data protection, noting that companies could face huge fines for breaching the new law.

Data protection errors will be far more expensive than before. Companies that do not comply with the strict new requirements will face fines of up to 4% of their global revenue for the previous year, or EUR 20 million, whichever is greater.

Companies will have to appoint a dedicated data protection officer if they handle a significant amount of sensitive data or monitor the behaviour of many consumers. Under the new legislation, companies must keep track of personal data in auditable ways and provide breach notification within 72 hours.

The new rules will essentially give individuals greater control over their personal data. This means that when an individual no longer wants his data to be processed, and there are no legitimate reasons for retaining it, he can ask the company to erase it. This extends to internet companies storing our data, so someone can, technically, ask Facebook to erase their profile along with all the data it gathered while they were using the service.

The law applies to all companies conducting business in Europe, regardless of where they are based. This means a single set of rules will replace the current patchwork of national laws, making the requirements clearer for both businesses and consumers.

The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will become directly applicable in all member states in two years.