Reforms to EU Data Protection laws
increase accountability for businesses
Proposed reforms announced today to European data protection laws would force businesses to take more care over the way they store and destroy sensitive and confidential information, says the European head of Shred-it, a leading information destruction company.
According to a speech by EU Commissioner Viviane Reding this week, the revised EU Data Protection Directive would create pan-European regulation to replace the existing patchwork of 27 national codes and give citizens the right to control their data.
The proposed revisions would also require businesses to take greater steps to demonstrate compliance with data protection regulations and increase the penalties for non-compliance fines potentially reaching up to five per cent of global annual turnover.
The Executive Vice President EMEA of information destruction experts Shred-it, Robert Guice, said: “We saw a marked increase in business following the last increase in the powers of the ICO (March 2010) but it seems that many companies and public sector organisations have slipped back into bad ways since”.
“The reforms proposed this week and the powers it will give to the ICO will hopefully serve as a timely wake-up call to any business that still does not have a proper data management and destruction system in place”, Mr Guice continued.
It is expected that, under the new rules, public and private sector organisations with more than 250 employees would be forced to appoint an independent data protection officer in order to safeguard against lost, stolen and breached data. Their role would be to monitor whether the processing activities are carried out in compliance with the data protection policy and the new law.
Robert Guice advised organisations thinking of toughening up their information management regimes that “the first stage of ensuring your organisation is safe from the risk of data breaches and is compliant with the law is to draw up a data protection policy.”
“And, although the safe disposal of electronic equipment such as hard drives, USBs and laptops has to be paramount, you will still need to be clear about how printed documents will be securely destroyed”.
“All the firewalls and passwords in the world will prevent not the risk of paper documents being lost or stolen from insecure bins and ordinary disposal methods,” Mr Guice warned.