The European Commission has set out its proposal to reform data protection laws. Under it, organisations, including charities, would have to notify the data protection authority of a data breach within 24 hours of discovering it.
The proposals also include introducing one single set of rules to be applied across the EU; streamlining reporting by ensuring that organisations will only have to deal with the data protection authority in the country where they have their main office (in the UK this is the Information Commissioner's Office); and giving members of the public the right to access, transfer and delete data held about themselves.
Organisations processing personal data will also have to take more responsibility for ensuring that it is handled securely.
Viviane Reding, the Commission’s vice-president, said: “My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information.”
Personal data includes a person's:
- Name
- Photo
- Email address
- Bank details
- Posts on social networking sites
- Medical information
- Computer’s IP address
The information commissioner for the UK, Christopher Graham, has welcomed most aspects of the proposals, including making organisations that process data more responsible, but was sceptical about the ability to regulate data that is processed outside of the EU.
The proposal will now be passed to the European Parliament and EU member states for discussion, and if adopted will come into effect two years later.
Last year the EU tightened up rules for websites that store cookies (text files that websites put onto a user’s computer to store information such as user preferences) without first obtaining consent. UK websites have to be in the process of complying with these rules by 25 May.