In May 2011, a Europe-wide directive was passed relating to data protection and processing of data. The directive (Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 for those who are interested!) sets out how information can and cannot be used by data controllers.
As with many EU directives, there is room for interpretation, but I’ve outlined the basics of this particular directive below.
Know your obligations
As with all data protection related laws, it is just as important for small businesses to know their obligations as it is for the big global corporations.
Firstly, according to the Irish Data Protection Office, the new regulations apply to the processing of personal data in connection with the provision of publicly available electronic communications services in public communications networks in the State and, where relevant, the European Union, including public communications networks supporting data collection and identification devices.
As per previous regulations, adequate security measures and procedures should be in place to try to ensure the data is protected. This includes limiting access to a select number of individuals, saving only required data and processing it in a way that is fair.
Data retention and usage
Data controllers have been given a 12-month grace period, so in May 2012 the law comes into full force. Before then, it might be an idea to read up on the specifics and see exactly how your company will be affected.
Data breaches are not only a legal issue but also have the potential to ruin a company's reputation.
Post by Eric Hennelly Flanagan, www.sixdegrees.ie