The European Council has announced that EU data protection reforms will not be implemented until 2015. The General Data Protection Regulation, which was originally expected to be finalised by May 2014, will introduce a single data protection framework throughout the EU. It was previously anticipated that the data protection reforms would be finalised before the European Parliamentary elections in May next year.
The Data Protection Act was first introduced into the UK in 1984 and covered the use of paper records. In 1998 it was updated to include records held on computer. There are eight legal principles which organisations have to abide by when processing personal information which can include names, addresses, date of birth, bank details, etc.
- Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –(a) at least one of the conditions in Schedule 2 is met, and(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The Information Commission website http://www.ico.org.uk/ provides independent advice and guidance about data protection and freedom of information.
The plan is to modernise the data protection legislation across the EU. David Cameron has sought to avoid a deadline being brought in as the government fears the implementation of the new legislation will damage business due to increased costs, but has now agreed to the date of 2015 as a compromise. Data protection law will be implemented consistently across all member states.