May the Fourth Be with EU
Blog Article Published: 04/20/2016
Data Privacy Gets a Stronger Light Saber
By Nigel Hawthorn, EMEA Marketing Director, Skyhigh Networks
On April 14, 2016, the EU Parliament passed the long-awaited new EU rules for personal data protection (GDPR). Everyone who holds or processes data on individuals in the 28 countries of the EU has until Star Wars Day 2018 (May 4) to comply. The top 10 provisions of the regulation are:
- It is a global law. No matter where you are in the world, if you hold data on individuals in the EU and lose it, you are responsible and can be fined. As an example, if you run a web site and a European visitor enters their contact information, you have to comply.
- Increased fines. Up to 4% of global turnover or €20,000,000 (US$22M).
- Opt-in regulations. Users must give clear consent to opt-in to their data being collected and you must only use it for the purpose defined. No opting out, no hidden terms, no selling/giving data to other people.
- Breach notification. If you lose data, you have 72 hours to tell the authorities.
- Joint liability. If multiple companies process the data, they are all liable if it is lost, so if you hold data, YOU are responsible if it gets lost via a risky cloud service.
- Users can demand their data back, and can demand that it be updated or deleted. If you hold data, you need to work out how to achieve each of those.
- Removes ambiguity. One law across all 28 countries of the EU.
- Common enforcement. The authorities are expected to enforce consistently across all the countries; the good news is that data holders only need to deal with one authority.
- Collective redress. Users whose data is lost can sue together in class action lawsuits.
- Data transfer. Data transfer from the EU is allowed, but subject to strict conditions.