The EU Data Protection Law: What Your Company Can Do to Ensure a Smooth Transition

Following a three-year investigation, Google has finally agreed to change its privacy policy to comply with the Data Protection Act. In 2012, Google’s data privacy policies were questioned and criticized by European data protection commissioners as they resulted in “ungoverned” use of personal data without the clear consent of users. According to reports, commissioners told Google to give users a stronger and more detailed control over their data. An order to change its data privacy policy was passed in October 2013. Google has now agreed to make changes to its privacy policy and inform users about how it handles their data.

In a statement, the regulator says: “Google has now signed an undertaking committing to make further changes to their privacy policy to ensure it meets the requirements of the Data Protection Act and take steps to ensure that future changes to its privacy policy comply, including user testing”. The new regulations will be implemented by June 30 and further improvements will be take effect in the next two years.

The proposed EU data protection reform has reached a new and significant milestone. However, the changes could be quite alarming for some organizations with established practices that differ from the the new rules. Some rules will include the “right to be forgotten,” which was reinforced by a positive ruling in the second quarter of 2014 that allows users to request search engines to remove search results related to them. In addition, data controllers will be required to perform a balancing act against any competing rights to freedom of expression. In line with new EU data protection regulation that is set to be implemented this year, we’ve rounded up a set of guidelines to get your organization ready:

  • Health check – assess and understand your company’s position. This understanding of your company’s current policies and data management will help determine if you're compliant or need to change anything before the new regulation is fully implemented.
  • Transparency and accountability – Consider the following in your data-handling process:
    • What do you do with user data?
    • Who has access to the data?
    • Is the data shared or kept within the sole confidentiality of the company?
  • Validate and update all documents – make sure that all documents are ready for audit and that standard and policies are periodically reviewed.
  • The right technology – ensure that your data privacy and compliance strategy is supported by your systems and infrastructure.
  • Education is key – train and educate your people on the rules of the regulations, both new and existing, including best practices for ensuring information and data security.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Opublikowany w Online Privacy, Data Privacy