The new EU General Data Protection Regulation, to provide greater harmonization of data protection rules across Europe, will be published on 26 January. So what?
Well, rather than being something radically different or new for organisations and data controllers to get to grips with, the new Regulation trumpets compliance with two of our existing data protection principles; Personal data shall not be kept for longer than is necessary, and Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA).
For example, the much-heralded ‘le droit à l’oubli’ clause (‘the right to be forgotten’ apparently, although my school boy French was limited to ordering half a kilo of sausages with predictably hilarious results) will require person’s internet histories to be deleted after use (e.g. cookies) has incited some rather inflammatory statements in some areas. Data protection compliance has been likened to some onerous kill-joy…
View original post 366 more words