There have been reports that the new EU Data Protection Directive (meant to be released Jan 2012) has been leaked. And guess what? There are at least two new changes that will shake up the EU (as if it hasn’t been shaken up enough already).
Article 27 states that controllers will be obliged to inform their supervisory body and data subjects within 24 hours of any breach. This will mean that more people will be aware of those companies that suffer a breach, which could cause severe brand damage and a loss in customer relationships.
Article 32 introduces a mandatory data protection officer for the public and private sector. This means that large organisations will have to make room for an internal data controller and assign appropriate measures to comply with the Directive.
(These two points will have a profound effect if true, but it is important to note that they come from a leaked version.)
Indeed – we’re not yet clear on what the implementation or transition requirements will be – i.e. how this will pass from EU directive into national legislation... but it certainly raises the game for Data Protection.