The European Commission has announced its proposals for changes in data protection law. These will have important implications for most businesses.
The most important changes for businesses are:
- Where a serious data breach occurs, the organisation concerned will be required to notify the supervisory body (the Data Protection Registrar in the UK) within 24 hours of the breach;
- Fines for serious violations are to be increased, with businesses facing a fine of up to 2 per cent of annual turnover;
- The changes to ‘cookie’ law are to be brought in as expected, with explicit consent required for data to be processed;
- Public bodies and enterprises with more than 250 employees will have to appoint a data protection officer.

For fuller details, see the EC website.
The Information Commissioner’s initial response to the proposals can be found here.
