Kuan Hon, a consultant lawyer at Pinsent Masons and a senior researcher on cloud law projects at Queen Mary University of London, explores the latest data security developments under the General Data Protection Regulation. This blog is written in her personal capacity only.
There is political pressure to finalise the draft General Data Protection Regulation (GDPR) before 2015 is out. Proposed by the European Commission in 2012 to modernise the EU Data Protection Directive (DPD), GDPR would spell major changes regarding security as well as other matters. Its final text won’t be known until it’s agreed in “trilogue” between the EU institutions, and significant differences between the European Parliament (Parliament) and Council of Ministers remain in certain areas. However, its overall shape seems reasonably clear. The GDPR would become law directly in all Member States as from its effective date – probably 2 years after its adoption. UK Deputy Information Commissioner David Smith predicts June 2018, or end 2018 as “a more realistic prospect”. 2018 may seem distant, but it would behove organisations to start thinking about GDPR’s impact now so that they are in a position upon adoption to set in train the substantial legal, operational and risk management changes that will be required.
What is the current position on security under the Data Protection Directive?
Currently, Member States must oblige controllers to implement “appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access…and against all other unlawful forms of processing”, and “Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law” (Arts. 16-17 DPD). In information security parlance, these amount to measures at least to protect confidentiality and integrity, and indirectly availability. Controllers must ensure a level of security