New European Privacy & Data Protection Regulations Compliance or Consequences

Authors:

David Goodman, D.Phil
Principal Consulting Analyst

The EU wants to build a single market fit for the digital age by tearing down regulatory walls and moving away from 28 national markets to a single one in which the free movement of persons, services, and capital is ensured.

To complicate matters, the 15-year-old Safe Harbour agreement between the EU and the US is no longer valid because it does not offer sufficient protection to the fundamental rights of Europeans.

Updates to the European privacy rules relating to data protection and privacy are long overdue. New European privacy legislation will replace the current chaos in which each EU Member State has its own separate directive with a brave new world in which there will be one law across all of the EU implementing stiff penalties for violations. The new legislative landscape will require any business operating in Europe including US multinationals to make considerable changes to their privacy and data protection policies and strategies within the next two years in advance of the legislation coming into full force.

This document examines the current set of rules and the proposed legislation and what this will entail for European and US businesses responsible for any data relating to EU citizens, with recommendations on what actions should be taken as soon as possible to ensure compliance rather than face the consequences.