Thursday 26 January 2012

Proposed EU Data Protection - Data Security

On January 25th, 2012, the EU proposed a comprehensive new General Data Protection Regulation.

Data Security is covered in Section 2, which includes Articles 30, 31 and 32, beginning on page 59 of the proposed regulation.

Here is the main security text from Article 30:

"The controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected, having regard to the state of the art and the costs of their implementation.

The controller and the processor shall, following an evaluation of the risks, take the measures referred to in paragraph 1 to protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorised disclosure, dissemination or access, or alteration of personal data."
It also talks about "solutions for privacy by design and data protection by default", implying that you should think about security from an early stage.

Article 31 covers notification of a personal data breach to the supervisory authority and gives 24 hours for a breach to be notified.

Article 32 gives more details on communication of a personal data breach.

At this stage this is only a proposal which may or may not become law in the fullness of time.

Useful Links:

