New EU Data Protection Directive | How Will It Affect Businesses and Their Information Handling Practices?

The topic of personal data protection has always been somewhat controversial. On one hand, we all have the right to privacy and the security of our sensitive data; on the other, possessing as much information about us as possible is a gold mine for businesses.

Even though, at the moment, there are quite a lot of bureaucratic measures to protect our data, they are rarely used, enforced or audited. Due to this lack of clarity and integrity, the European Commission decided to reform the regulation.

The Regulation is so important because we do need a clear and strong right to privacy and data protection especially during this time of digital progress. At the same time, it’s only fair to simplify regulations and processes for businesses in terms of data protection. It is estimated that €2.3 billion a year can be saved for businesses just by removing complicated administrative work around it.

It was also agreed between the European Parliament, the Council and the Commission that they would implement what’s known as the Digital Single Market Strategy. Its main purpose is to enable businesses, individuals and governments to fully benefit from goods and services available online. Tearing down regulatory walls and moving from 28 national markets to a single one could contribute €415 billion per year to our economy and create hundreds of thousands of new jobs.

But back to data protection. The Regulation entered into force in May 2016 but will apply from 25 May 2018. Many companies will desperately need this time to redesign their processes according to the new rules.

Most importantly, the data administrator and anyone handling such data should conduct a risk assessment regarding data loss or leakage. Then, preventive steps must be taken. Some tools serving such prevention may include:

  • Data encryption
  • Secure, fully tested systems
  • Regular process and system audits
  • The ability to back up data in case of its loss


Secondly, companies will be obliged to report all incidents related to data security to the appropriate authorities within 72 hours of such an incident. All incidents should be properly documented. In order to be able to do that, all businesses must ensure their IT systems are secure and resistant to data theft or leakage. It is therefore really important to conduct regular security audits.

Does all of this mean that from now on businesses will present impeccable conduct in the data protection field? Let’s hope so. One thing is for sure: the potential penalty of up to €20 mln or 2% of the company’s total global yearly revenue should be incentive enough.

Let’s make sure to start our preparations now to avoid stress and any incidents connected with data protection.