Keith Lipman, founder and president of Prosperoware, looks at the widening net of data privacy and cyber laws; the requirements that most privacy laws have in common; the steps that law firms and companies must take to comply; and the policies that must be in place to avoid having “a really bad day.”
After three years of negotiations, this week saw the European Union take the significant step of agreeing new privacy legislation – the General Data Protection Regulation – which will bring Europe’s ageing data privacy regulation up to date for the modern technological era.
Sanctions for failing to comply with the new requirements include fines of up to 4% of worldwide annual turnover. The new rules will introduce mandatory data breach notification for all; joint and several liability for suppliers (data processors); tougher restrictions on the use of profiling and the collection and use of children’s data; enhanced rights for individuals; and a requirement for most organisations to appoint a data protection officer. Plus, there will be more exacting requirements for organisations to ensure privacy by design and by default and to document their compliance with the new regime.
Unsurprisingly, this week the comments flooded in and here we bring you many of them in full.
To coincide with tomorrow’s Janders Dean Legal Knowledge & Innovation Conference in Johannesburg, South Africa, we have an excellent article on privacy legislation in South Africa from Symantec eDiscovery counsel Allison Walton.