EU Data Protection Directive (also known as Directive 95/46/EC) is a directive adopted by the European Union designed to protect the privacy of all personal data collected for or about citizens of the EU, especially as it relates to processing, using, or exchanging such data. Directive 95/46/EC encompasses all key elements from Article 8 of the European Convention on Human Rights, which states its intention to respect the rights of privacy in personal and family life, as well as in the home and in personal correspondence. The Directive is based on the 1980 OECD "Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data."
These recommendations are founded on seven principles, since enshrined in EU Directive 95/46/EC:
- Notice: subjects whose data is being collected should be given notice of such collection.
- Purpose: data collected should be used only for stated purpose(s) and for no other purposes.
- Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
- Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
- Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
- Access: subjects should be granted access to their personal data and allowed to correct any inaccuracies.
- Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
In the context of the Directive, personal data means "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity" (Article 2a). Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link. Examples of such data include address, bank statements, credit card numbers, and so forth. Processing is also broadly defined and involves any manual or automatic operation on personal data, including its collection, recording, organization, storage, modification, retrieval, use, transmission, dissemination or publication, and even blocking, erasure or destruction (paraphrased from Article 2b).
These data protection rules apply not only when the responsible party (called the controller in this Directive) is established or operates within the EU, but whenever the controller uses equipment located inside the EU to process personal data. Thus, controllers from outside the EU who process personal data inside the EU must nevertheless comply with this Directive. EU member states set up supervisory authorities whose job is to monitor data protection levels in that state, to advise the government about related rules and regulations, and to initiate legal proceedings when data protection regulations are broken. All controllers must notify their governing authority before commencing any processing of personal information, and the Directive prescribes in detail what such notification must include: the name and address of the controller or representative, the purpose(s) of the processing, descriptions of the categories of data subjects and the data or categories of data to be collected, the recipients to whom such data might be disclosed, any proposed transfers of data to third countries, and a general description of the protective measures taken to ensure the safety and security of processing and related data.
Last updated: 10 Jan 2008