New EU Cybersecurity Regulations On The Way: Things To Know Now
By Stephen H. Jett on July 14, 2015
Posted in Cyber Security
Since the first draft comprehensive regulation to govern cybersecurity in the European Union (“EU”) was issued by the European Commission in January 201, the European Commission, the European Council, and the European Parliament have been working together to update and supersede the existing EU Directive (95/46/EC), bringing it up to date and in line with recent sweeping advances in technology and technological globalization. (EU Privacy Regulations: Who Will Own Your Data Now?, Corporate Counsel, July 8, 2015, Frances McLeod) On June 11, 2015, the European Council issued its own Proposal for a European General Data Protection Regulation (“GDPR”) for review and consideration.
The objective of the European Commission, the European Council, and the European Parliament is to issue a final proposed comprehensive regulation for the EU by the end of 2015, with final approval and adoption thereof to occur by the Spring of 2016. (European Council approves EU General Data Protection Regulation draft; final approval may come by end of 2015, Data Protection Report, June 15, 2015, Marcus Evans; European Union data protection reform: What should businesses be doing now to get ready?, Data Protection Report, Kimberly Gold) When this new comprehensive regulation is adopted by the EU, not only will EU Directive (95/46/EC) be superseded and replaced, but also sweeping changes will be implemented relative to companies with operations in the EU or doing business in the EU.
Now is the time for companies to start readying themselves for these significant forthcoming regulations. (As of this writing, the U.S. Congress has not yet adopted a comprehensive and pre-emptive law regulating cybersecurity in the U.S., thus leaving U.S. companies to be cognizant of at least 47 separate and differing state notification laws.)
Some highlights of the proposed EU GDPR include:
(Privacy Regulations: Who Will Own Your Data Now?, Corporate Counsel, supra)
The obvious implication of these, and other, potentially forthcoming EU regulations is that companies without a data protection policy need to obtain a data risk assessment now, and those with existing data protection policies should re-evaluate such policies immediately. (Id.)
The original article and image was posted here: http://www.privacyanddatasecurityinsight.com/2015/07/new-eu-cybersecurity-regulations-on-the-way-things-to-know-now/