Naked Security

Hold data on EU citizens? Check if you’ll be compliant with the new Data Protection Regulation

The upcoming EU Data Protection Regulation applies to all organisations that hold data on EU citizens, even if they are not based in an EU country. Does your organisation comply with the new rules?

It seems like we hear about new data breaches every week. Last year we saw shops, banks, restaurants and other companies lose data on customers, not to mention an epidemic of medical data breaches.

The European Union (EU) has been working on a new regulation which will apply one consistent set of requirements to all EU countries and all organisations that hold data on European citizens, even if the organisations are not based in the EU.

The proposed legislation will require everyone who holds data on European citizens to implement appropriate security measures to protect the data, which may include names, photos, email addresses, bank details, posts on social networks, medical information or a computer’s IP address.

It will also introduce fines of up to €100 million or 5% of annual turnover in the event of a personal data breach.

Sophos has put together a tool to help you check if your company will be compliant with the key areas of personal data security in the upcoming regulation. It’s free, and you don’t have to enter any of your own details in order to access it.

Learn more about the new EU Data Protection Regulation, or click below to check if your company will be compliant.

60 second compliance check

The Regulation still needs to go through further steps before it becomes law but it’s widely anticipated that it will be adopted in 2015, so it’s worth making sure you’re compliant before the law is in place.


If an American doesn’t want to be subject to laws in a foreign country then they shouldn’t go there or store their information on said foreign soil. Each local sovereign nation is just that, sovereign. The notion of a country extending its sovereignty to foreign soil in general or in specific cases such as data storage (read: ongoing Microsoft judicial case, American company on foreign soil) should be subject to only the law of the land they are operating within and any special treaties that exist between involved nations. These principles should apply to EU citizens. EU, keep your laws inside the EU but on foreign soil, take a long walk off a short pier! All you have to do is negotiate reciprocal treaties to get what you want LEGALLY and all these nations running amok trying to impose their laws on foreign soil need to step back and look at getting their objectives done by writ of legitimate law which undoubtedly will require negotiation of mutual, reciprocal treaties. Not that respect of local laws on said local foreign soil seems to deter any nation these days from declaring that their laws apply if their citizen, EU, American, et al, is involved, at least in the area of data storage. Bizarre!

Reply

“The proposed legislation will require everyone who holds data on European citizens to implement appropriate security measures to protect the data, which may include names, photos, email addresses, bank details, posts on social networks, medical information or a computer’s IP address.”
Don’t know about you, but this just seems common infosec sense… should apply to all netcitizens, not just Europeans…

Reply

Sometimes it’s overkill, Antonio. The Italian laws governing personnel records are extremely rigorous and specific regarding password length, password complexity, and very frequent password changes. At least one US Fortune 100 multi-national company imposed these requirements on all employees worldwide because it was easier to do than determine which employees and which computer systems had access to personnel records of its Italian employees.

Reply

I understand that there are many instances of where California law is applied world-wide in this way. Two Facebook examples spring immediately to mind.

Reply

Have all EU politicians and lawyers had their brains removed (or recently visited US politicians/lawyers)?

Anyone who thinks foreign legislation, from foreign legislators, in foreign nations has any jurisdiction over ‘others’ (eg. those not in your deluded jurisdiction) is basically thinking like a dictator or a terrorist.

Remember what EU stands for: European Union. I don’t live in your ‘europe’ and am not part of your union.

IT departments that take the “Global Compliance” approach to this sort of legislation need to seek a new career. You simply can’t adopt legislation globally and expect it to all work harmoniously. You’re building in ‘compliance’ costs and creating a legal minefield for your employer.

Reply

If you want to do business (read: take money off) people in the EU, surely it’s not entirely unreasonable to suggest that you comply with the same regulations as a company in the EU would have to?

(Many countries do this. Try privately importing a car that has already passed stringent EU or Japanese safety tests – and is freely on sale in either place – into Australia, for example :-)

Especially when the motivation of the law seems to be the protection of the rights of the consumer…if you don’t agree with those consumer protection laws, maybe you need to find other consumers?

At any rate, to compare someone who thinks this might be an OK idea to “a dictator or a terrorist” is, IMO, bizarre. It’s a borderline infringement of Godwin’s Law.

Reply

You missed the whole point.

Doing business in a jurisdiction is one thing, complying with unnecessary rules from other jurisdictions is another. If you want to run your company into the ground, just keep adopting every piece of legislation that’s dreamt up around the world.

Terrorists and dictators TELL you that you have to comply with them, no matter where you live or whether it’s relevant.

Foreign legislators are doing the same thing: Telling you to comply with their legislation or suffer the consequences. You’re promoting and defending a piece of legislation that has no legal bearing on this country.

Hiding behind excuses of ‘it’s for our safety etc’ is rubbish. You may as well have said ‘If you have nothing to hide…’

The legislation wasn’t written for this country, doesn’t apply to this country, and shouldn’t be blindly adopted on the advice of a company that makes money by scaring people into unnecessary compliance.

Tell Godwin to prosecute me for breaking his law…

Next you’ll suggest we should adopt Sharia law, because someone else, somewhere else, dreamt it up and wants us to follow them, and you have a compliance product to suit…

Reply
