Reforms to EU Data Protection laws increase accountability for businesses

Governance
Written by Paul Williams
Tuesday, 24 January 2012

New law would also require businesses to take greater steps to demonstrate compliance with data protection regulations.
Reforms announced today to European data protection laws will force businesses to take more care over the way they store and destroy sensitive and confidential information, says the European head of Shred-it, a leading information destruction company.

However, the draft new law would also require businesses to take greater steps to demonstrate compliance with data protection regulations and increase the penalties for non-compliance, with fines potentially reaching up to five per cent of global annual turnover. Currently, in the UK, £500,000 is the largest fine that can be imposed on an organisation for breaching UK data protection laws by the government's data protection watchdog, the Information Commissioner's Office (ICO).

The Executive Vice President EMEA of information destruction experts Shred-it, Robert Guice, said: "We saw a marked increase in business following the last increase in the powers of the ICO (March 2010) but it seems that many companies and public sector organisations have slipped back into bad ways since.

"The Directive published today and the powers it will give to the ICO will hopefully serve as a timely wake-up call to any business that still does not have a proper data management and destruction system in place."

It is expected that, under the new rules, public and private sector organisations with more than 250 employees must appoint an independent data protection officer in order to safeguard against lost, stolen and breached data. Their role will be to monitor whether the processing activities are carried out in compliance with the data protection policy and the new law.

Guice advised organisations now needing to reappraise their information management regimes that: "The first stage of ensuring your organisation is safe from the risk of data breaches and is compliant with the law is to draw up a data protection policy.

"And, although the safe disposal of electronic equipment such as hard drives, USBs and laptops has to be paramount, you will still need to be clear about how printed documents will be securely destroyed. All the firewalls and passwords in the world will not prevent the risk of paper documents being lost or stolen from insecure bins and ordinary disposal methods."