Recent industry reports suggest many IT managers throughout Europe are not ready for the new EU General Data Protection Regulation (GDPR).
The GDPR aims to unify data protection laws to meet the challenges of the digital age and in particular, strengthen the protection of online personal data. When enacted into law, it will require all businesses handling EU residents’ data to delete personal information on request or when it is no longer required by the organisation and encourage the use of auditable deletion procedures for companies processing personal data.
Any business holding personal data on EU residents either on or off line must abide by the new rules and one solution will be to speak to a professional secure data destruction and erasure provider like us here at Recycle IT 4U where we can provide certificated Physical Shredding of Data (on or off site) or complete Electronic Wiping of Data.
Many businesses may not even be aware they are losing data and with heavy fines for non compliance it is important that organisations make provisions for their data security now as the EU Regulation proposal is likely to come into force by 2017.
The new EU Regulation will place stronger restrictions on companies’ data protection policies and systems. For starters, as it is a Regulation it becomes law in each EU Member State once it is passed and will replace the current Directive that has been in place since 1995. The Regulationwill further empower the Information Commissioner’s Office (ICO) with the EU’s backing to tell companies they must take action on data protection.
The European Parliament has approved the proposed legislation with the proposal now in the hands of the EU council to finalise and agree. The proposal will provide EU-wide regulations for data controllers and processors. In addition it will create a central EU authority that provides a single set of rules for all EU member states, as opposed to the current setup whereby each country deals with it themselves. In the case of the UK, it will supersede the current UK Data Protection Act (DPA).