2013 Albrecht Report confirms Major Changes in EU Data Laws - Are You Ready?


Why do you need to act urgently even if you feel your data handling is compliant?

If you are a US-headquartered company, do you need to bother with these new EU laws and the significant changes proposed?

2013 has already seen last year's frenetic pace of change continue, with new data laws and fines that will affect how all companies, regardless of business sector, use employee or customer data. The European Union, as confirmed in the January 2013 Albrecht report, is indeed planning to dramatically amend its EU Data Protection Directive with a new Regulation.

This will tackle recent developments in social media, mobile apps and cloud computing as well as deal with a perceived serious lack of compliance thus far, particularly over use of customer data, lack of proper consents and more invasive marketing and advertising.

Some were hoping that after much discussion and lobbying some of the more serious proposals might be further watered down or deleted, such as the "nuclear" 2% of global turnover/revenue fine for serious breaches of EU data law. However, the recent report from the EU Parliament's Jan Philipp Albrecht confirms the perceived need for even tougher fine levels and more aggressive enforcement. This is all on top of recent changes which saw fines dramatically increased in a number of EU countries, for example in the UK with new powers to issue fines of up to £500,000 (approx $800,000) per breach, and increased fine levels being pursued in France, Spain and so on. These major fines are not theoretical or proposals. They have already come into force and are being used. The "nuclear" option will be in addition.

Hopes from some in industry that new proposed rights such as that "to be forgotten" might fade away were also dashed. Businesses will have to consider seriously what the impact of such changes will be, and note that these proposals have also highlighted existing requirements, such as not holding onto data for longer than necessary, which are already law and which enforcers are looking at more closely. These, along with the new Binding Corporate Rules (BCRs) for data processors that took effect on 1 January 2013, are just some of the recent changes with respect to privacy in the EU that need immediate attention and consideration even if the business is not EU based.

This week many stakeholders are meeting in Washington DC to take part in a major conference (as is your author) on such issues, and it will be interesting to see if the feedback from industry sessions makes its way into deliberations and further fine-tuning of the proposed new Regulation. Some further twists and turns are likely, but the core new elements will almost certainly not be going away. What is certain is that companies cannot assume they are fully on top of what is arguably the fastest-moving area of the law currently. A review of where the business is now and identification of what needs addressing is without doubt a current business imperative.

For an overview of some of the recent changes click here to see a recent Legal Week article.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Pillsbury Global Sourcing Practice | Attorney Advertising
