The big talking point in 2013, and widely regarded as one of the big information security challenges for 2014, was the change to European Data Privacy rules. It will have a significant impact on all organisations.
The need for the changes was set out in October 2013 by the European Council, which stated that
“It is important to foster the trust of citizens and businesses in the digital economy. The timely adoption of a strong EU General Data Protection framework and the Cyber-security Directive is essential for the completion of the Digital Single Market by 2015.”
The regulation will introduce the most significant change to Data Privacy since the creation of the 1995 European Data Protection Directive, which in the UK became the Data Protection Act.
The new regulation was supposed to come into force in April 2014. So where is it?
Delays have occurred in agreeing the framework and governance for the new regulation. Cynics say that European ministers were keen not to rock the boat during the European Parliament elections in May this year. However, it was only in June that the Council of the European Union, formed of the relevant ministers, came to a consensus on some of the finer points of the regulation relating to data transfer and the territorial boundaries of regulation. The regulation is far from being agreed.
The latest rumours are that the regulation will be introduced in December 2014 or early 2015. There will be a two-year grace period for organisations to become compliant, somewhat beyond the vision of the Digital Single Market being completed by 2015. This story has the potential to rumble on for many months to come.
We will cover developments and their implications in more detail in future editions of the Bridewell of Knowledge.