European Commission announces data protection law reform

The European Commission has proposed reforms to the existing law on data protection, stating that individuals' data protection rights and the powers of enforcing national authorities are not sufficiently harmonised across the European Union. 

The Commission is proposing that the Data Protection Directive (95/46/EC) be replaced with a Regulation, thereby ensuring consistency across member states. 

The proposed new rules will improve the ability of individuals to control their personal data by, among other things, guaranteeing that individuals have easy access to data held on themselves, and reinforcing the right to information so that individuals understand how their personal data is handled. The rules will also strengthen the independence and powers of national enforcing authorities (in the UK, the Information Commissioner's Office) "so that they are properly equipped to deal effectively with complaints ... carry out effective investigations, take binding decisions and impose effective and dissuasive sanctions", and enhance administrative and judicial remedies where data protection rights are violated.

In relation to data security, the proposed rules will introduce a general obligation on data controllers to notify data protection authorities and the affected individuals of data breaches "without undue delay". Data protection authorities should be informed of breaches within 24 hours where feasible. The rules will also seek to enhance accountability by requiring data controllers to designate a data protection officer in businesses with more than 250 employees and businesses involved in processing operations that present specific risks to the rights and freedoms of individuals by reason of their nature, scope or purpose. 

The Commission has stated that it will work with the European Parliament and the European Council to ensure an agreement on the new framework by the end of 2012. 

Also

The data protection section of the XpertHR employment law manual explains the current law relating to data protection. 

The XpertHR how to section covers how to ensure employment practices meet the requirements of data protection law and how to manage the retention of employee data.