EU Data Protection Directive

These recommendations are founded on seven principles, since enshrined in EU Directive 94/46/EC:

• Notice: subjects whose data is being collected should be given notice of such collection.
• Purpose: data collected should be used only for stated purpose(s) and for no other purposes.
• Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
• Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
• Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
• Access: subjects should granted access to their personal data and allowed to correct any inaccuracies.
• Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.

In the context of the Directive, personal data means "any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity" (Article 2a). Data is considered personal when it enables anyone to link information to a specific person, even if the person or entity holding that data cannot make that link. Examples of such data include address, bank statements, credit card numbers, and so forth. Processing is also broadly defined and involves any manual or automatic operation on personal data, including its collection, recording, organization, storage, modification, retrieval, use, transmission, dissemination or publication, and even blocking, erasure or destruction (paraphrased from Article 2b).

These data protection rules apply not only when responsible parties (called the controller in this EU directive) is established or operates within the EU, but whenever the controller uses equipment located inside the EU to process personal data. Thus, controllers from outside the EU who process personal data inside the EU must nevertheless comply with this directive. EU member states set up supervisory authorities whose job is to monitor data protection levels in that state, and to advise the government about related rules and regulations, and to initiate legal proceedings when data protection regulations are broken. All controllers must notify their governing authority before commencing any processing of personal information, and such notification prescribes in detail what kinds of notice is expected, including name and address of the controller or representative, purpose(s) of the processing, descriptions of the categories of data subjects and the data or categories of data to be collected, recipients to whom such data might be disclosed, any proposed transfers of data to third countries, and general description of protective measures taken to ensure safety and security of processing and related data.

Read more about EU Data Protection Directive: - For more information, please see the text of EU Directive 95/46/EC. - These Briefing Materials on EU Directive 95/46/EU include government documents, background, international responses, and a broad range of interpretations. - The US Safe Harbor guidelines were assembled to help American companies understand how to comply with requirements that EU Directive 95/436/EC poses.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Firms rush to hit PCI compliance, but cut elsewhere British businesses may be preparing for a worsening economy, but they are finally facing up to one area of expense that they cannot put off any... Slow take-up of PCI reveals deeper ills If companies were compliant with the Data Protection Act, the demands of PCI DSS wouldn't be too difficult. Enforcement and penalties are lacking. Software licensing presents issues, challenges for enterprises Experts say better software licensing controls can help enterprises spend funds more efficiently. One company shares how it did just that.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Basel II  (SearchSecurityUK.com) Basel II is an international business standard that requires financial institutions to have enough cash reserves to cover risks incurred by... Financial Services Authority  (SearchSecurityUK.com) The FSA (Financial Services Authority) is an independent, non-governmental body that regulates the financial services industry in the UK, including...