IT Security Guru

EU Parliament announce major changes to draft Data Protection Directive

by The Gurus
November 22, 2013
in Editor's News

The European Parliament has voted in favour of the new Data Protection Directive, with approval for fines to be raised from two to five per cent of global turnover.

In an email sent to IT Security Guru, Unilever global privacy officer Steve Wright said that the main pillars of the draft are being supported by the EU, and the regulation is also moving to the proposed “one-stop-shop” of a single regime.
Wright said: “These new requirements include the ‘right of erasure’, data responsibility changes, appointing a privacy officer, new accountability, mandatory breach notification, new sanctions and much more – all of which (according to the EU Commission) will add ‘trust’ to the digital economy.”
He also confirmed that the vote raised fines for data breaches from a proposed two per cent of global turnover to five per cent, or €100 million (£85 million).
While the draft regulation has yet to be adopted by member states, EU Justice Commissioner Viviane Reding said that this will allow two years for compliance to be demonstrated, while risks such as spying and criminal elements need to be considered as part of an over-arching prevent, detect and respond strategy.
“The European Parliament has just given its full backing to a strong and uniform European data protection law that will cut costs for business and strengthen the protection of our citizens: one continent, one law,” said Reding.
“Tonight’s vote also sends a clear signal: as of today, data protection is made in Europe.”
Reuters reported that negotiations with EU member states and the European Commission on the law are to start later this year, or early in 2014, when EU leaders will discuss the issue at a summit in Brussels later this week. The aim is to have the legislation agreed before May, when the assembly breaks up and new European Parliament elections are held.
Eduardo Ustaran, partner at Field Fisher Waterhouse, told IT Security Guru that he felt that this was a “really measured draft” and while he felt that there were some “unreasonable restrictions” on data flows, he called it a “very complex piece of legislation”.
He said: “The right to be forgotten has been replaced with the right of erasure, so it is a bit more realistic than what was published in January 2012 which was so draconian. What has appeared now has some unrealistic elements, but it is much more credible, so it is more for search engines and social networking sites.”
Asked about the change in fine level, Ustaran said it was a massive change. “What they are trying to do is send a signal out to big multi-nationals saying ‘don’t get it wrong as the consequences are serious’,” he said.
Amar Singh, chair of the ISACA UK security group, said: “The new directive is certainly going to grab the attention of every CEO and business owner. The obvious plan of action for those who do not want to be awarded the ‘made example of’ badge is to start planning now.
“Some practical steps should include: understand the gaps and risks (with the data protection context) and start looking for a long term in-house governance, risk and compliance team or outsourcing this function to a firm who can manage this critical function.”
Singh also predicted an increase in the usage of data-at-rest encryption technologies and a greater assurance from cloud vendors.

Dwayne Melancon, chief technology officer at Tripwire, said: “Countries have been given two years to put the EU directive into place and organisations should be using this time to tighten their security programs; ensure that incident detection and response processes are in place and effective; and harden their systems, applications and networks to reduce the risk of breaches.
“The size of the fines connected with the directive is so big they will definitely get the attention of CEOs and boards. It is incumbent upon senior business executives to seek clear answers about security risks from information security leadership to ensure appropriate steps are taken to enable compliance with this Directive before it takes effect.”
Ustaran said that this is by no means the final draft, as the European Council will be next to run over the details and make their decisions. “The pressure is now on the Council as they need to produce a draft this side of Christmas and before April to negotiate the final text and it is a massive task in five months to agree on something as high profile as this, but I believe that it will happen as it is too important,” he said.