The European Union is continuing discussions regarding new data protection laws that, if approved, would have ramifications for how companies manage and protect their customers' data. Among the effects would be a requirement that companies hire for a new role: data protection officer.
The Legislation
Key changes to current EU data protection laws include a requirement that companies notify authorities and individuals about data breaches. The law would also give individuals the right to decide how their personal data is used, and require the appointment of a data protection officer (DPO) for businesses with more than 250 employees.
Think of a DPO as a sort of independent advisor responsible for overseeing all of the data that flows through an organization. According to the proposal, DPOs would have “expert knowledge of data protection law and practices.” Duties would also include processing citizens' data rights, ensuring and monitoring documentation of data usage, and notifying authorities and the public when personal data breaches occur.
Effect on U.S. Companies
The role of DPO doesn't yet exist formally in Europe or the U.S.; the most comparable position is a Chief Privacy Officer (CPO). The position isn't widespread, but it is common best practice among larger organizations to appoint a CPO to manage data protection and privacy concerns through a company's IT or legal department.
Current EU law forbids transferring personal data about EU residents to countries that do not meet EU data protection standards. In the past, U.S. companies went around this requirement by joining the so-called Safe Harbor Framework, which lets U.S. companies transfer personal data outside the EU so long as the companies self-certify with the Department of Commerce that they are complying with EU standards.
Under the new proposal, coverage would extend to companies that collect data from EU citizens but do not have established operations in the EU. If these new regulations pass, U.S. companies that process the personal data of EU residents would be subject to regulation. Violation of these rules could result in fines or property seizure, both in the U.S. and abroad.
The expansion of these laws would affect a large number of U.S. companies and could cause them to proactively hire DPOs to monitor the company's data policies.