Skip to main content
Facilitate Magazine: Informing Workplace and Facilities Management Professionals - return to the homepage Facilitate magazine logo
  • Search
  • Visit Facilitate Magazine on Facebook
  • Visit Facilitate Magazine on LinkedIn
  • Visit @Facilitate_Mag on Twitter
Visit the website of the Institute of Workplace and Facilities Management Logo of the Institute of Workplace and Facilities Management

Main navigation

  • Home
  • News
    • Comment
    • People
    • Reports
    • Research
  • Features
    • Analysis
    • Features
    • Round Tables
    • Webinars
  • Outsourcing
    • Contract Finder
    • Contracts
    • FM Business Models
    • Interviews
    • Mergers & Acquisitions
    • Opinion
    • Procurement
    • Trends
  • Know-How
    • Explainers
    • Legal Updates
    • White Papers
  • Jobs
  • Topics
    • Workplace Services
      • Hospitality
      • Catering
      • Cleaning
      • Front of House
      • Grounds Maintenance
      • Helpdesk
      • Mailroom
      • Manned Guarding / Security
      • Pest Control
      • Washroom Services
      • Disaster Recovery
      • Specialist Services
    • Professional Performance
      • Behavioural Change
      • Continual Professional Development
      • Education
      • Management
      • Recruitment
      • Training
    • Workplace Performance
      • Benchmarking
      • Health & Wellbeing
      • Operational Readiness
      • Procurement
      • Security
      • Workplace User Experience
      • Workplace Culture
    • Compliance
      • Health & Safety
      • Risk & Business Continuity
      • Standards
      • Statutory Compliance
    • Building Services
      • Architecture & Construction
      • Asset Management
      • Building Controls
      • Building Fabric
      • Drinking Water
      • Fire Protection
      • HVAC
      • Landscaping
      • Mechanical & Electrical
      • Building Security
      • Water, Drainage & Plumbing
    • Technology
      • Building Information Modelling
      • CAFM
      • Data & Networks
      • Document Management
      • Information Management
      • Internet of Things (IoT)
      • Software & Systems
    • Energy management
      • Energy Management Systems
      • Electricity
      • Gas
      • Solar
      • Wind
    • Sustainability
      • Environmental Quality
      • Social Value
      • Waste Management
      • Recycling
    • Workspace Design
      • Agile Working
      • Fit-Out & Refurbishment
      • Inclusive Access
      • Lighting
      • Office Interiors
      • Signage
      • Space Planning
      • Storage
      • Vehicle Management / Parking
      • Washroom
    • Sectors
      • Corporate Office
      • Education
      • Healthcare
      • Manufacturing
      • International
      • Retail
      • Sports & Leisure
      • Regions
  • Buyers' Guide
Quick links:
  • Home
  • Topics
Know How
Legal Updates
Compliance

EU data protection guidelines

Open-access content Thursday 10th January 2013 — updated 2.38pm, Tuesday 5th May 2020
Christian Toon
New rules governing data protection are on the horizon. Christian Toon analyses the implications of the legislation, and explores the central role of the FM in safeguarding data.

14 January 2013

Today, we entrust businesses and public sector organisations with our most personal data.


In return, we have a right to expect that our details are treated carefully and responsibly. Yet despite the growing scrutiny from the authorities and the media, and the subsequent increase in high-profile reporting of data breaches, organisations across Europe continue to lose and accidentally destroy personal and confidential data.

In response, EU citizens are becoming increasingly concerned about who holds what information and how securely this information is held - and rightly so.

Time for a rethink
Viviane Reding, European Commissioner for Justice has decided it is time for an overhaul of European data protection legislation. Her draft European Data Protection bill, announced last January, seeks to introduce more stringent rules and regulations, aimed at boosting protection and privacy for the individual; the organisations handling our data will face an increased burden of responsibility and accountability as a result.

The objective is that the rules be implemented with consistency and clarity across all European Union member states. It is hoped they will also apply to organisations based outside Europe that do business within the community.

The new legislation will replace the EU Data Protection Directive 95/46, an important component of EU privacy and human rights law, under which organisations in both the public and private sector have been operating for thirteen years.

The legislation would be good news for organisations in a number of ways. It would reduce bureaucratic compliance requirements for many organisations and provide a single set of compliance laws across Europe. At the same time, it would impose a greater responsibility on organisations to protect against and acknowledge data breaches. However, this would imply stiffer penalties for organisations that fall short of the legal requirements.

This is no bad thing. Facilities managers need to play a central role in stopping the flow of sensitive information leaking out of organisations. They need to ensure that the right information policies and procedures are in place. All too often, it seems that organisations are mopping the floor after the leak. It's about
time someone got up and turned off the tap.

Far-reaching impact
In particular, the draft EU proposal includes four requirements that would, if adopted, have a far-reaching impact on facilities managers. The first of these is the mandatory notification of breaches.

This recommends that both the relevant Data Protection Authorities (DPAs) and all affected individuals have to be notified within 24 hours of a data security breach, including unauthorised destruction or loss. The data protection authorities must be notified even in the absence of any risk of harm to data.

The devil's details
This requirement raises a number of important questions including the need for data breach thresholds: does this requirement apply to the loss of a single record, for example, and would there be a longer time limit if the data breach involved the loss of millions of customer records? It also raises the question as to whether public and private sector organisations would be able and indeed willing to self-regulate.

The second requirement is that all public and private sector organisations with more than 250 employees, have a named data protection officer. This could have significant resource, training and recruitment implications for many organisations. One option could be to add the responsibility to the remit of the facilities manager.
Thirdly, the proposal opens the way for significantly increased fines.

Under the draft legislation, regulatory authorities would have the powers to impose fines of up to £1 million - or two per cent of turnover for private sector organisations - for failures to comply with the regulation.

That the EU is prepared to authorise this level of punishment highlights just how serious data protection is to be taken. Last, but not least, the draft bill seeks to give individuals the 'right to be forgotten'. In essence, it states that individuals should have greater control over their data and be allowed to demand the removal or deletion of personal records from any organisation that holds them.

If adopted, this requirement would have immense resource implications for organisations and could be time-consuming and complex to implement, particularly where it relates to the fast-moving world of social media. However, the small print suggests that this right is a 'qualified' one.

It remains to be seen how much of the draft proposal makes it into the final legislation; but the announcement of the plan has given facilities managers a valuable opportunity to take on new responsibilities and enhance an organisation's information handling policies. We must seize that opportunity now, rather than waiting for the new EU legislation to be finalised and to come into effect.

By then it will be too late.
Also filed in:
Topics
Know How
Content
Legal Updates
Compliance

You might also like...

Share
  • Twitter
  • Facebook
  • Linked in
  • Mail
  • Print

Today's top reads

 

Latest Jobs

Project Leader (Maternity Cover One Year Contract)

Cambridge
Circa £50,000 Pro Rata + Benefits & Opportunities
Reference
56378

Maintenance Supervisor

Surrey
Up to £43,000 + Excellent Package & Opportunities
Reference
56376

Regional Facilities Manager

South West England
Circa £40,000 + Benefits & Opportunities
Reference
56375
See all jobs »

 

 

Sign up to our newsletter

News, jobs and updates

Sign up

Subscribe to print

Sign up to receive our bi-monthly magazine

Subscribe
Facilitate magazine cover, June 2020
​
FOLLOW US
@Facilitate_Mag
Facilitate Magazine
Facilitate Magazine
CONTACT US
Contact us
Tel: 020 7880 6200
​

IWFM

About IWFM
Become a member
Qualifications
Events

Information

Privacy Policy
Terms & Conditions
Cookie Policy
Think Green

Get in touch

Contact us
Advertise with us
Subscribe to Facilitate Magazine
Write for Facilitate Magazine

General

IWFM Jobs
Help

© 2022 • www.facilitatemagazine.com and Facilitate Magazine are published by Redactive Media Group. All rights reserved. Reproduction of any part is not allowed without written permission.

Redactive Media Group Ltd, 71-75 Shelton Street, London WC2H 9JQ