Skip Navigation

EU Data Protection Regulation set to advance

Bookmark and Share

December 23, 2015

Twenty years ago the European Union (EU) issued a Data Protection Directive, requiring all member countries to address data protection regulations. Though ahead of its time when created, it now fails to address many issues that have cropped up in the intervening decades.  In addition, because each country was left to develop their own rules, there were significant differences in the resulting rules, penalties and enforcement across the region.

Five years ago, the European Commission has been wrestling with a proposed initiative to create an EU Data Protection Regulation with considerable enhancements, including data breach notification and much larger penalties. Additionally, as a regulation, the member countries would have far less discretion than they did with a directive. Therefore, not only would the rules be much stronger, they would also be consistent across borders.

The aforementioned breach notification and stiffer penalties have received the most attention and push back, resulting in a protracted debate over the year.  It appears, however, that the new regulation is only one “perfunctory” step away from becoming a law, which is expected in 2016.

When ultimately passed, the dramatically increased liabilities will bring significant attention on data protection, including on the proper destruction of confidential information.


Click here to access the forthcoming EU Data Protection Regulation.