The new EU data protection regime expands the reach of EU data protection regulation. The expansion covers companies working on an international basis that process data for EU citizens. (The law of course encompasses rules governing computer hard drive destruction too.) The expansion also makes possible the proper harmonisation of data protection regulations throughout the EU. This harmonisation makes it far easier for non-European organisations to comply with any type of regulatory requirement. That said, the harmonisation comes at a price: a strict data compliance regime is part of the package, and severe penalties are imposed. Fines can amount to five-percent by Parliament. After negotiations between the European Parliament, the European Commission and the Council of Ministers, agreement has been reached on the wording of the GDPR as well as on the financial penalties imposed when an organisation does not comply. Readers are generally interested in knowing more about the primary requirements of the European Data Protection Regulation. Information is provided below.



The regulation applies if the data controller (the person or organisation collecting data from EU residents) or the processor (the organisation processing data on behalf of the controller, i.e., cloud service organisations) is based in the EU. The regulation also applies to companies based outside of the European Union if they collect and process the personal data of EU residents. Personal data is any information relating to an individual's public or professional life. The data can be a name, a home address, an image, an email address, banking details, posts on social networking sites, medical information, or the IP address of a computer. The regulation does not, however, apply to the processing of personal data for national security activities or by law enforcement professionals. That said, the data protection reform package does include a separate data protection directive. The directive, for the criminal justice sector, provides rules regarding personal data exchanges at the national, global and European levels.

One set of rules, applicable to all members of the EU

The single set of rules applies to all EU member states. Each state establishes an independent supervisory authority (SA) to hear and investigate complaints, authorise administrative offences and coordinate joint operations. When an organisation oversees a number of establishments within the EU, it will have one SA, or lead authority, based on the location of its primary establishment within the EU. The primary establishment is where the main processing occurs. The SA acts as a one-stop shop for supervising all of the processing activities of a particular business within the EU. The European Data Protection Board (EDPB) coordinates the actions of the supervisory authorities. The EDPB replaces the Article 29 Working Party. Exceptions exist for data processed in regard to employment and national security. These areas may still be subject to the individual regulations of an individual nation.

The area of responsibility and accountability

Notice requirements remain in effect and are expanded. Notices must include the retention time for personal data and contact information. Automated individual decision-making, including profiling, is contestable. Persons now have the right to question and contest decisions made on the basis of an algorithm.

Principles of data protection of primary importance

The data controller should design measures that meet the principles of data protection. Privacy requires that data protection be designed in a way that coordinates well with the development of operational processes for business services and business products. The data controller must implement measures that prove effective and be able to show that processing activities are compliant, even when processing is performed by another data processor on the controller's behalf. Data protection assessments are conducted when certain risks arise to the rights of the data subjects. Risk assessment is required, and approval of the Data Protection Authorities (DPA) is essential for high-level risks. Data protection officers serve to ensure compliance within the corporation.

The law is quite involved, and any compliance officer is well advised to read as much about it as possible, daily, in order to stay apprised of all the regulations that are now in effect.
