New EU Data Protection Regulation

22 May 2012

The Key Proposals

On 25 January 2012, the European Commission proposed a comprehensive reform of the EU’s 1995 Data Protection Directive “to strengthen online privacy rights and boost Europe’s digital economy”.

The Commission aims for a genuine single law which will do away with the current fragmentation and which will help reinforce consumer confidence in online services.

The Key Proposals

The Commission’s proposals update and modernise the principles enshrined in the 1995 Data Protection Directive. Key changes in the reform include:

EU harmonisation: The new Regulation will apply directly across all EU Member States. This differs from the current position where the law is enacted locally by each Member State. The new approach is intended to remove the variations in how the current Directive has been implemented so as to ensure greater consistency of European data protection rules.
Notification: Unnecessary administrative requirements, such as the obligation to notify data protection activities to the data protection supervisor, will be removed. Instead of notification, the Regulation provides for increased responsibility and accountability for those processing personal data.
Consent: Wherever consent is required for data to be processed, it will to be given explicitly, rather than assumed.
Right to data portability: People will have easier access to their own data and be able to transfer personal data from one service provider to another. This will improve competition among services (eg cloud services).
Right to be forgotten: People will be able to delete their data if there are no legitimate grounds for retaining it.
Data breach notification: Organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
Data protection officer: Organisations with more than 250 employees will need to employ a data protection officer.
Data processors: Will be directly liable for any breaches.
Application to non-EU businesses: The proposed Regulation would apply not only to companies based inside the EU but also to any company based outside the EU that is active in the EU market and offers goods and services to EU citizens.
Enforcement: Data protection authorities will be empowered to fine companies that violate EU data protection rules up to €1 million or up to 2% of the global annual turnover.

Timing

The European Commission’s proposals will be considered by the European Parliament and the European Council and will take effect two years after they are adopted. In view of the material changes and the tougher enforcement regime that is proposed, further developments should be monitored carefully.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.

Cookie	Duration	Description
foxwilliams.vuture.net_VxSessionId	session	No description available.
intEmailHistoryId	1 year	No description available.
VISITOR_PRIVACY_METADATA	6 months	Description is currently not available.

Cookie	Duration	Description
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

New EU Data Protection Regulation

Authors

Nigel Miller

Follow us online

New EU Data Protection Regulation

Authors

Nigel Miller

Follow us online

Popular insights

Direct(or) responsibility: 10 ways a director could be held personally liable in 2022

Dismissing directors – a guide to the key legal issues

Setting aside a settlement in a Tomlin Order