by GDPR Associates | 14th July 2015 4:57 pm
Since the first draft comprehensive regulation to govern cybersecurity in the European Union (“EU”) was issued by the European Commission in January 2012, the European Commission, the European Council, and the European Parliament have been working together to update and supersede the existing EU Directive (95/46/EC) in order to bring it up to date and in line with recent sweeping advances in technology and technological globalization. (EU Privacy Regulations: Who Will Own Your Data Now?, Corporate Counsel, July 8, 2015, Frances McLeod) On June 11, 2015, the European Council issued its own Proposal for a European General Data Protection Regulation (“GPDR”) for review and consideration.
The objective of the European Commission, the European Council, and the European Parliament is to issue a final proposed comprehensive regulation for the EU by the end of 2015, with final approval and adoption thereof to occur by the Spring of 2016. (European Council approves EU General Data Protection Regulation draft; final approval may come by end of 2015, Data Protection Report, June 15, 2015, Marcus Evans; European Union data protection reform: What should businesses be doing now to get ready?, Data Protection Report, Kimberly Gold) When this new comprehensive regulation is adopted by the EU, not only will EU Directive (95/46/EC) be superseded and replaced, but also sweeping changes will be implemented relative to companies with operations in the EU or doing business in the EU.
Now is the time for companies to start readying themselves for these significant forthcoming regulations. (As of this writing, the U.S. Congress has not yet adopted a comprehensive and preemptive law regulating cybersecurity in the U.S., thus leaving U.S. companies to be cognizant of at least 47 separate and differing state notification laws.)
(Privacy Regulations: Who Will Own Your Data Now?, Corporate Counsel, supra)
The obvious implications of these, and other, potentially forthcoming EU regulations is that companies without a data protection policy need to obtain a data risk assessment now, and those with existing data protection policies should reevaluate such policies immediately. (Id.)
The original article can be found here.
Source URL: https://www.gdpr.associates/new-eu-cybersecurity-regulations/
Copyright ©2020 GDPR Associates unless otherwise noted.