By Maximilian Clarke
Reforms announced today to European data protection laws will force businesses to take more care over the way they store and destroy sensitive and confidential information, says the European head of Shred-it, a leading information destruction company.
According to a speech by EU Commissioner Viviane Reding this week, the revised EU Data Protection Directive will see pan-European regulation replacing the existing patchwork of 27 national codes and give citizens the right to control their data.
However, the draft new law would also require businesses to take greater steps to demonstrate compliance with data protection regulations and increase the penalties for non-compliance, with fines potentially reaching up to five per cent of global annual turnover. Currently, in the UK, £500,000 is the largest fine that can be imposed on an organisation for breaching UK data protection laws by the government's data protection watchdog, the Information Commissioner's Office (ICO).
“We saw a marked increase in business following the last increase in the powers of the ICO (March 2010) but it seems that many companies and public sector organisations have slipped back into bad ways since,” commented the Executive Vice President EMEA of information destruction experts Shred-it, Robert Guice. “The Directive published today and the powers it will give to the ICO will hopefully serve as a timely wake-up call to any business that still does not have a proper data management and destruction system in place”.
It is expected that, under the new rules, public and private sector organisations with more than 250 employees must appoint an independent data protection officer in order to safeguard against lost, stolen and breached data. Their role will be to monitor whether the processing activities are carried out in compliance with the data protection policy and the new law.
Robert Guice advised organisations now needing to reappraise their information management regimes that “the first stage of ensuring your organisation is safe from the risk of data breaches and is compliant with the law is to draw up a data protection policy. And, although the safe disposal of electronic equipment such as hard drives, USBs and laptops has to be paramount, you will still need to be clear about how printed documents will be securely destroyed. All the firewalls and passwords in the world will not prevent the risk of paper documents being lost or stolen from insecure bins and ordinary disposal methods,” Mr Guice warned.