Data protection: Not just about personal data and compliance
From a hacker perspective, many organisations are still leaving the front door open and the windows unlocked. Failure to protect and handle data correctly can also result in punitive actions for companies participating in the digital economy. Wake up and get the knowledge to get protected.
The update of the existing law from 2001 is aimed at strengthening and modernising the rules by bringing them into line with the General Data Protection Regulation (GDPR) which was adopted in 2016, with the deadline for compliance set for 25 May 2018.
MEPs emphasised that the new rules should cover not only the EU institutions, but also bodies, offices and agencies to ensure a strong and coherent framework for data processing throughout the EU.
The new rules are aimed at ending the fragmentation of the rules for data processing by EU agencies, including those in the law enforcement sector.
To this end, MEPs included a specific set of rules for processing law enforcement data that is in line with the directive on data transfers for policing and judicial purposes, which was adopted at the same time as the GDPR and rules currently used by Europol.
To further strengthen transparency, MEPs want all EU institutions and bodies to establish their own central register of data processing and make the register publicly accessible. The MEPs also set clear provisions to limit the use of the data processed and to minimise data stored, specifying that inaccurate data should be erased or rectified without delay, in line with the GDPR.
The MEPs said the European Commission should be obliged to consult the European Data Protection Supervisor when preparing new legislative proposals. They also support the European Data Protection Supervisor being able to fine EU institutions, bodies or agencies that do not live up to the data protection rules.
“Most importantly, we want a single unified framework for processing personal data by EU institutions, bodies and agencies to ensure not only a high level of data protection, but also clarity for the individuals whose data is being processed,” said Cornelia Ernst, Civil Liberties Committee member and German MEP.
The Civil Liberties Committee passed the amendments to the new regulation by 45 votes to seven, with six abstentions. MEPs also voted to open up talks with the European Council. The decision will now be put to the Plenary in October for confirmation.