New data protection

Posted: 6th February 2012

The European Commission has announced its proposals for changes in data protection law. These will have important implications for most businesses.
The most important changes for businesses are:
  • Where a serious data breach occurs, the organisation concerned will be required to notify the supervisory body (the Data Protection Registrar in the UK) within 24 hours of the breach;
  • Fines for serious violations are to be increased, with businesses facing a fine of up to 2 per cent of annual turnover;
  • The changes to ‘cookie’ law are to be brought in as expected, with explicit consent needed to be given for data to be processed;
  • Public bodies and enterprises with more than 250 employees will have to appoint a data protection officer.
For fuller details, see the EC website.
The Information Commissioner’s initial response to the proposals can be found here.