Privacy Europe

Compliance

As individuals, we want to know that our personal information is handled properly, as we and others have specific rights in this regard. By adopting strong data protection methods, organisations can not only improve their compliance but also deliver much wider efficiency savings.

Principles

Each automated process in a company that uses personal data, such as HR, CRM, e-mail systems, call centres or supplier management, has to comply with the following principles:

  • purpose: there must be a written purpose for the data processing
  • publicity: processing must not be hidden; people have the legal right to know which of their data are used for which purpose
  • rights of the data subject: each person can ask for data correction or deletion
  • security: companies must enforce measures to ensure data security, so that data are not stolen, damaged or lost
  • time limits: there must be a written and enforced time limit for personal data storage

Sensitive data

Moreover, special rules apply to sensitive data, such as data related to health, race, ethnic origin or religion. Particular attention should be given when using such data. More restrictive national rules often exist.

Data breach notification

Regarding security, more and more European countries require companies to notify data losses or other illegal data use that might lead to a strong personal rights violation. Such notification will probably become mandatory soon in the whole of Europe - so it's time to prepare.

Privacy Documents

Compliance requires not only checking all of the points listed above but also writing them down. This documentation can be checked by the authorities at any moment - so it is wise to store such information in a permanent way.

Risks

Any failure to comply with the above rules can be punished by a fine or lead to other risks.

Sarbanes-Oxley Act (SOX), Basel II and other compliance systems

Most international companies have to comply with their domestic laws, such as the Sarbanes-Oxley Act. Unfortunately, European philosophy ignores such concepts as whistleblowing. Using such systems requires special attention in most European countries - or can even be illegal in some others.
