- Telecommunication Companies Must Report Data Mishaps Immediately - Data Protection Law
- October 28, 2013 | Author: Michael Rainer
- Law Firm: GRP Rainer LLP - London Office
- Once again, the EU is dealing with data protection. Under new EU regulations, companies must now report data mishaps within 24 hours.
GRP Rainer Lawyers and Tax Advisors in Cologne, Berlin, Bonn, Bremen, Dusseldorf, Essen, Frankfurt, Hamburg, Hanover, Munich, Nuremberg, Stuttgart and London www.grprainer.com/en conclude: The media have paid more and more attention to the subject of data protection in recent years. Quite often, they commented on the loss of data in the public and private sector. But especially, the loss of data becomes extremely acute when the number of affected customers is very large. Publicly accessible communication services are particularly vulnerable to such a danger. It therefore makes sense that it is now becoming mandatory for telephone and internet providers to report the loss of data to those affected and to the authorities within the specified deadline.
A legal foundation is EU Directive 2002/58/EU on the processing of personal data and the protection of privacy in the electronic communication sector. Yet in the past, its implementation by the various member states has apparently varied. That is why the new regulations of the EU Commission aim at a uniform procedure. The regulations are to provide explicit instructions on how communication services must behave in case of lost data.
As a rule, companies are to be given a deadline of 24 hours from the time when the enterprise becomes aware of the data loss. In a few exceptional cases, the deadline could be extended to 48 hours. In such cases, not only the current situation and the reasons for the loss would have to be explained, but also the data that were actually lost and any technical activities to be undertaken.
In case of extreme data losses in the form of email data, mailing lists or financial information, the operators of publicly accessible communication services must in future inform the affected parties themselves.
In addition to advantages, the new technical developments might also result in some disadvantages. One disadvantage could be the handling of data protection. That is why data protection has become a subject to be taken seriously.
More than ever, companies see themselves confronted with this problem. Particularly close attention must be paid in the communication sector.
In case of doubt, companies should seek legal help when developing their data protection guidelines. A lawyer with specific experience can examine the situation beforehand and avoid any confrontation with breaches of data protection laws.