Knowledge Peers

The new EU Data Protection Regulation is on the way. Here are 6 issues you should be aware of to help you manage your data security risks:

1. The new Regulation will sweep aside the question of whether or not a cloud provider trading under its standard terms is a “controller” caught by the legislation – it will be caught either way.
2. One key benefit is that cloud providers will primarily be governed by the data protection authority in their “main establishment” in the EU. You won’t have to go to the authority in each EU country.
3. The approach to data protection in Germany should liberalise. Unless Merkel’s plans for even greater protection go through.
4. The requirement to report data breaches plus the hefty fine should see an increase in data security among those who don’t already do this. 2% of global turnover is a high price to pay if you breach data rules.
5. There is also the much maligned “right to be forgotten” – is this really workable in the cloud sector?
6. Contrary to what some people say, the new Regulation is not the EU’s answer to the USA Patriot Act, although the NSA / GCHQ snooping have stimulated debate on this point separately.