Progress on Data Protection in the European Union

July 1, 2015

conduentblogs

We may see the final text of the proposed EU General Data Protection Regulation by the end of 2015. In mid-June, the Council of the European Union set forth an agreed general approach to the proposed EU General Data Protection Regulation. And just last week, the Council, the European Parliament, and the European Commission held their first trilogue negotiations on the measure.

The draft the Council brought to the negotiating table included several important provisions that U.S. organizations doing business abroad should note:

Single law: Instead of being a directive, the regulation will be a pan-European law that replaces the inconsistent patchwork of laws among the 28 nations of the EU.
Purpose requirement: Businesses that collect and process data, called “data controllers,” can do so only for a legitimate purpose and with the unambiguous consent of the data subject.
Right to erasure: Individuals have the “right to be forgotten,” meaning that they have the right to ask service providers not to store their personal data.
One-stop shop: Global companies that do business in more than one EU nation will only have to deal with a single supervisory authority, not one in every state or locality where they do business. This change will lead to greater consistency among legal rulings and, consequently, will allow organizations to save money.
Security: Data controllers must implement security measures to protect their data and notify affected individuals and the appropriate data protection authority about any breaches.
Sanctions: Organizations that breach the regulation can be subject to fines of up to 2 percent of their global annual turnover; however, the European Parliament has suggested raising the penalty to 5 percent.

We will continue to monitor the status of the law as it proceeds through negotiations. There will be additional meetings from July to December between the three organizations to discuss the terms of the regulation.

The earliest the regulation will come into effect is two years after an accord is reached and its final text is published. In the interim, organizations should anticipate how the regulation will affect their data processing protocols and make the necessary adjustments.

Rachel Teisch is vice president, marketing at Conduent. She can be reached at rteisch@conduent.com.

Progress on Data Protection in the European Union

Digital transformation of government technology and services enhances constituent experiences

Digital payments: More than just convenient

Creating connections in California: Sharing good news about secure payments for citizens

Adopting digital payments to avoid the “road less traveled”

Four ways digital payments can streamline your financial operations

Earth Day 2023: Reflecting on investing in our planet

Honoring legacies by embracing equity

ConduentCares, India: Sustainability efforts for our environment and communities

Why updating OMB race and ethnicity data standards matters for health equity

Three key strategies for small to mid-sized healthcare payers in the Medicare Advantage market

When Reducing Costs, Cutting Customer Experience Isn’t the Answer

Driving Toward Sustainable Cities: Enhancing accessibility and optimizing passenger flows

For telcos, simplifying convergence is the best way to deliver customer service excellence

Policy, engagement, families take center stage at National Child Support Enforcement Association 2023 Policy Forum

Podcast: Getting Total Rewards Right in an Evolving HR and Benefits Environment

From Bare Minimum to Enthusiastic – Ways to Engage Your Workforce

Engagement and Enthusiasm at NCSEA Policy Forum 2023

Conduent Transportation helps expand campaign to aid and assist vulnerable members of the public

A Season for Children

New Experiences and Familiar Faces at WICSEC 2022