by
Bart W. Schermer*
Privacy and data protection are high on the agenda of the European Union. At the moment, a major reform of the EU legal framework for personal data protection is underway: the General Data Protection Regulation. It is expected that the Regulation will enter into force in 2016. While there is still a lot of debate about the Regulation (some 4000 amendments have been proposed by the European Parliament), recent privacy scandals such as PRISM have sped up the legislative process.
The General Data Protection Regulation will replace the current Data Protection Directive from 1995 and will harmonise data protection rules across the different member states of the EU. The provisions in the Directive had to be implemented in national law before they took effect, but the Regulation will have direct impact and doesn’t need to be implemented. The Regulation sets new, strict requirements for organisations processing personal data and gives citizens more rights.
Among the new rules are strict requirements for businesses on accountability, the appointment of a data protection officer, mandatory privacy impact assessments and the implementation of ‘privacy by design’. The penalties for non-compliance are severe: organisations risk massive fines of up to €1.000.000 or 2% of the global annual turnover. Therefore, it is important to anticipate the arrival of the Regulation and to take precautionary measures where possible.
But most businesses are as yet unaware of the new rules under the Regulation. In many cases they do not even know the rules under the current Data Protection Directive. To help businesses become more aware of data protection law and strengthen their compliance, legal consultancy firm Considerati (www.considerati.com) has developed a free online tool: PrivacyChecker.eu. With this tool businesses can gain insight into their level of compliance with the current law and assess their risk under the new Regulation in a quick and easy way.
PrivacyChecker.eu is a good first step towards compliance with the upcoming privacy rules. In three short tests on PrivacyChecker.eu businesses can: 1) assess whether they need to do a privacy impact assessment, 2) see if they are in line with current data protection law, and 3) determine the amount of the fine that they will receive under the upcoming rules if they do not change their business.
Each test consists of several short yes-or-no questions. Once the test is completed, users get a free downloadable report with their results and the amount of their potential fine. Of course all the tests are completely anonymous and no personal data is collected.
PrivacyChecker.eu is based on the official proposal of January 25, 2012. It is possible that the proposal will be revised. If so, PrivacyChecker.eu will be updated as well.
*Bart W. Schermer PhD LLM is Partner at Considerati
For more information: http://www.privacychecker.eu
PrivacyChecker: your business compliant with current and future data protection law