The information age has transformed people’s lives and given everyone so many opportunities, particularly on the internet: everything from shopping to social networking. But it’s also created a vast amount of data about individuals and their lives. Now, the EU’s Data Protection Directive is the main regulation which governs the use of this data.
The new legislation introduces a ‘mandatory data breach notification’ rule across both public and private sector organisations, requiring them to report any breaches to the relevant supervisory authorities, such as the Information Commissioner’s Office in the UK, and to inform any seriously affected individuals – all within 24 hours.
Organisations that fail to notify the supervisory authority of a personal data breach in a timely or complete fashion will face fines of up to 2 per cent of their current revenues. The legislation will take effect two years after it has been adopted. This new law makes it essential for organisations to make better use of the data generated by their IT systems, so that any aberrant activity can be identified more quickly and effectively.
Unfortunately, all too often this information is managed in an inefficient and disparate manner. This can lead to inaccurate data breach notifications being issued, as many organisations are unable to identify exactly what the breach entailed.
In this video, Axel Voss, EPP Group spokesman and German MEP, welcomes the plan to tighten data protection.