Is your business ready for the newly proposed EU data protection regulations?

5th February 2013 :: Data Security :: Author: Andrew Cope, Managing Director, Evergreen

Data cubeWere you aware that last week on 28th January it was Data Protection Day a.k.a. Data Privacy Day? Ahead of this now annual 'event', The European Union published a proposal to comprehensively reform the EU's 1995 data protection rules aimed at strengthening on-line privacy rights and boosting Europe's digital economy. Whilst the actual reforms may take up to 2 years to be fully implemented, votes on the first drafts of the new regulation are due to take place in the European Parliament in just a few months time, so now is a good time to take a critical review of your company's own database management procedures and test how robust and efficient they are.

Here are a few of the key issues the new regulation plans to address:

Right to be forgotten - One of the most talked about aspects of the proposed regulation is a strengthening of the 'right to be forgotten' rule. The new regulation would give individuals the right to request not just to be removed from mailing lists etc. but to have permanently deleted any information whatsoever stored about them. If you wished to continue to store any of their personal data, you would need to prove that you have legitimate grounds that override the interests of the individual.

Marketing Opt-in/opt-out and obtaining consent - The current proposal demands that to use an individual's data for marketing purposes, companies would have to obtain explicit consent from customers by 'a clear statement or affirmative action'. Companies would no longer be able to take for granted their customers consent to receive marketing information, just because they have had previous interaction with them. Obtaining opt-in ticked boxes from customers with regards to their communication choices will become increasingly more important, not just to define their preferences and target marketing more effectively but also as a legislative safeguard.

IP addresses - IP addresses are classed as personal data under the new proposed regulation, impacting on web analytics that can be gained by companies and making it more difficult to analyse a customer's on-line behaviour. Even though analytics just show an anonymous batch of activity from certain IP addresses, under the new ruling this would still be deemed as personal information. Categorising IP addresses as personal data would overlap with the current new Cookies legislation, meaning that a web visitor's personal experience would be marred by having to upload their details with each repeated transaction.

A ‘one-stop-shop’ – Under the new rule companies in the EU would be answerable to a single data protection authority (DPA), no matter how many EU countries they do business in.

Data Protection Officer for large companies - Companies with more than 250 employees would be required to be proactive and take measures to ensure compliance with data protection law by appointing a data protection officer.

Help is at hand!

If you haven't yet established a culture of monitoring, reviewing and assessing your data processing procedures, not to mention building in safeguards for all data processing activities, now is the time to do so, as responsibility of management of your company data lies entirely with your organisation. The proposed regulation currently also contains fairly austere responsibilities as to the documentation that needs to be maintained and implemented by those handling customer data.

Need help? Evergreen has the tools to help you manage your data more effectively. Our online software helps you improve responsiveness, manage systems and handle customer data more effectively without specialised applications. Our sophisticated on-line database software and years of expertise ensure a cost-effective solution that stays robust, scalable and up-to-date as your business evolves. With an Evergreen bespoke on-line software application, as well as saving you money and increasing your responsiveness in line with data protection values you can also:

  • View, edit and remove customer data, quickly, easily and efficiently.
  • Enjoy peace of mind with secure, centralised technology, keeping all your data stored safely in one place.
  • Protect against unauthorised access with our powerful inbuilt security.

Read more about how a bespoke on-line software application can further help your business.