February 06, 2012
Businesses will be forced to take increased care over the way they store and destroy sensitive information under new reforms to European data protection laws announced this week.
In a speech by EU Commissioner, Viviane Reding, it was revealed that the revised EU Data Protection Directive will see pan-European regulation replacing the existing patchwork of 27 national codes, as well as giving citizens the right to control their data.
In turn, businesses will need to take greater steps to demonstrate compliance with data protection regulations, as well as increasing the penalties for non-compliance – with fines potentially reaching up to 5% of global annual turnover, a massive increase on the current £500,000 maximum for UK companies breaching existing data protection laws.
Under the new rules, public and private sector organisations with more than 250 employees must also appoint an independent data protection officer in order to safeguard against lost, stolen and breached data.
According to warnings from Shred-it’s Executive Vice President EMEA, Robert Guice, which deals with the destruction of sensitive information, many companies have “slipped back into bad ways” when it comes to terminating data.
“We saw a marked increase in business following the last increase in the powers of the Information Commissioners Office (ICO), but it seems that many companies and public sector organisations have slipped back into bad ways since,” he said.
“The new Directive published and the powers it will give to the ICO will hopefully serve as a timely wake-up call to any business that still does not have a proper data management and destruction system in place.”
