Lawyer warns charities about 'toughening' of EU data protection rules

IT | Kirsty Weakley | 17 Apr 2012

European Commission draft data protection regulation, which would require organisations to report data security breaches to the Information Commissioners Office within 24 hours “would be excessively burdensome” for charities, according to BWB lawyer Mairead O’Reilly.

In January the Commission published the draft regulation which would see local laws, including the Data Protection Act in the UK, replaced with one EU-wide law.

Under the proposals all organisations, including charities, with more than 250 people would have to appoint a dedicated data protection officer, and be required to carry out an impact assessment before undertaking any process that presents a privacy risk.

Financial penalties for non-compliance are also set to increase if the new proposals are adopted. The new upper limit for fines would be €1m (approximately £825,000) or 2 per cent of annual turnover. In the UK the highest fine the ICO can impose is currently £500,000.

O’Reilly added: “The regulation represents a significant toughening of data protection in Europe.”

Before the draft regulation can be passed into European law it needs to be approved by the 27 EU member states and then ratified by the European Parliament. This process will take about two years.

“Although it is likely to be some time before the new regime is implemented,” said O’Reilly, “charities should be engaging with the proposed changes and ensuring that data protection is properly factored in to their business planning and compliance.”

In March 2012 Enable Scotland was found to have breached the Data Protection Act following the theft of unencrypted memory sticks, and although the ICO did not deem the breach serious enough to warrant a fine, chief executive Peter Scott was forced to sign an undertaking promising to improve performance.

Positives

Having one data protection law across Europe does have its advantages though, according to O’Reilly: "It will mean that when sharing data with their partner organisations or implementing organisation-wide data protection practises, charities won’t need to check that they are complying with local data protection laws,” she said.

Directory: Bates Wells & Braithwaite

Comments

[Cancel] | Reply to:

Name *

Email *

Organisation

Job Title

Comments *

Verification *

* Please read our Community Standards

Close »

Community Standards

The civilsociety.co.uk community and comments board is intended as a platform for informed and civilised debate.

We hope to encourage a broad range of views, however, there are standards that we expect commentators to uphold. We reserve the right to delete or amend any comments that do not adhere to these standards.

We welcome:

Robust but respectful debate
Strongly held opinions
Intelligent relevant discussion
The sharing of relevant experiences
New participants

We will not publish:

Rude, threatening, offensive, obscene or abusive language, or links to such material
Links to commercial organisations or spam postings. The comments board is not an advertising platform
The posting of contact details for yourself or others
Comments intended for malicious purpose or mindless abuse
Comments purporting to be from another person or organisation under false pretences
Gratuitous criticism, commentary or self-promotion
Any material which breaches copyright or privacy laws, or could be considered libellous
The use of the comments board for the pursuit or extension of personal disputes

Be aware:

Views expressed on the comments board are left at users’ discretion and are in no way views held or supported by Civil Society Media
Comments left by others may not be accurate, do not rely on them as fact
You may be misunderstood - sarcasm and humour can easily be taken out of context, try to be clear

Please:

Enjoy the opportunity to express your opinion and respect the right of others to express theirs
Confine your remarks to issues rather than personalities

Together we can keep our community a polite, respectful and intelligent platform for discussion.