Membership Benefits

Click here to view
the benefits available
to IRLA Members
Mayer Brown January 2012 Legal Update PDF Print E-mail
 
  Mayer Brown
 Legal Update | 26 January 2012

Complete reform of EU data protection law announced. Requirements to harden

 RELATED AREAS

Intellectual Property

United Kingdom

European Union
Follow Mayer_Brown_UK on Twitter  Join us on FacebookYour Subscription Details
The European Commission yesterday announced its proposals to substantially enhance data protection compliance throughout Europe. Some of the highlights include:
  • Big fines: Fines of up to 2% of global annual turnover for companies that fail to comply with EU data protection requirements;
  • Requirement to declare security breaches: Organisations to be required to notify national authorities of a serious security breach as soon as possible and within 24 hours if feasible;
  • Requirement to appoint data protection officer: Businesses that have 250 or more employees will have to appoint a data protection officer, responsible for monitoring and implementing compliance with data protection requirements within those businesses;
  • Businesses outside the EU that serve Europeans must also comply: Businesses that offer goods or services to individuals in the EU or monitor their behaviour will have to comply with EU data protection requirements when doing so irrespective of where those businesses are based in the world. Individuals will be able to refer those businesses to the national data protection authority in the individuals’ home country if they wish to make a complaint or ask for sanctions to be taken against them;
  • Consent will not be valid unless explicitly obtained: Where an organisation relies on having obtained consent for the processing of personal data, it will no longer be able to infer or assume from the circumstances that consent has been obtained by the individuals concerned, it will have to demonstrate that those individuals have given their explicit consent to the processing;
  • Right to move data: Individuals will have the right to ask businesses to move their records to alternative service providers; and
  • Right to be forgotten: Individuals will be able to ask organisations to delete all data that those organisations hold on them unless there is a legitimate reason for those organisations to retain it.
The European Commission proposes that a new single data protection law should be introduced, implemented by way of a regulation. The result will be a single set of data protection rules that will apply across Europe as soon as the new regulation is adopted and brought into force by the European Union, rather than differing versions of data protection rules enacted in each EU member state as exists at the moment. Businesses will only have to work with and answer to a single national data protection authority in the EU country in which they have their main establishment, rather than each authority in every member state in which they are based within the EU.

The European Commission’s proposals will now be considered by the European Parliament and the European Council and will take effect two years after they are adopted. Read the European Commission’s announcement here.For further information, please contact:Mark Prinsley
Partner, London
Tel: +44 20 3130 3900Oliver Yaros
Senior Associate, London
Tel: +44 20 3130 3698Visit us at mayerbrown.com
If you would like to update your details and preferences, or would prefer not to receive future mailings from Mayer Brown, please update your details. If you forward this email please bear in mind that person will be able to access your basic details and preferences from the link above.

This email is for Leslie-Ann Giovnilli. If you are not Leslie-Ann Giovnilli and would like to be informed of legal developments and Mayer Brown events that would be of interest to you please fill out our new subscription form.

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the “Mayer Brown Practices”).  The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. “Mayer Brown” and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions. The "Solicitors' Code of Conduct" published by the Solicitors Regulation Authority sets out the rules and principles of professional conduct for practising solicitors and can be accessed by the following link: http://www.sra.org.uk/solicitors/handbook/code/content.page.This publication provides information and comments on legal issues and developments of interest to our clients and friends. The material is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed in this publication.© 2012. The Mayer Brown Practices. All rights reserved.

See our privacy policy and important regulatory information.
 
[ Back ]

Contact Us

IRLA
47 Bury Street
Stowmarket
Suffolk
IP14 1HD

Tel:  +44 (0) 203 362 4233
Email: This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

  Skype AMS Contact AMS
via Skype