This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Jean-Yves Gilg

Editor, Solicitors Journal

Legal uncertainty is creating a laissez-faire attitude towards data protection in Europe

News
Share:
Legal uncertainty is creating a laissez-faire attitude towards data protection in Europe

By

Businesses cannot afford to keep a low profile and ignore data protection compliance, say lawyers

A new survey of European data protection lawyers has revealed that most businesses aim to keep a low profile with regulators against a background of red tape.

The survey by Penningtons Manches into the current trends and perceptions about data protection regulation across Europe indicates that businesses are aiming to stay under the radar amid uncertainty about the forthcoming new legislation.

One anonymous respondent to the survey said: 'Legal uncertainty makes it virtually impossible for most businesses to live up to every word of the law which, in turn, leads to a laissez-faire attitude towards data protection. The main concern for companies seems to be to "stay under the radar".'

Commenting on the findings, Jo Vengadesan, a partner in the Penningtons Manches' data protection and privacy team, said: 'Although the survey findings indicate that businesses are trying to keep a low profile, data protection is now firmly on the public and political agenda. With the threat of huge fines for non-compliance with the impending EU Regulation, organisations cannot afford to ignore data protection compliance and it should be treated as a priority for all businesses that process personal data.

'Robust compliance with the current legal framework will put an organisation in good stead to deal with the anticipated new laws and will help to create a culture of privacy awareness and good practice that will be key to compliance.'

The three most significant issues currently affecting lawyers and their clients' data protection practices are the restrictions placed on businesses by a plethora of rules and regulations; the challenge to keep up to date with the regulations; and the transfer of data outside the EEA.

Respondents to the survey said that the four industry sectors most heavily targeted by regulators over the past 12 months were health, marketing, finance, and technology.

Other headline findings in the survey include:

  • 80 per cent of respondents believe that businesses regard the data protection law in their country as bureaucratic;

  • 87 per cent of respondents agree that their clients have become more aware of their obligations over the past year;

  • 66 per cent of respondents said that their clients are worried about 'having appropriate data protection and security policies in place';

  • 60 per cent are worried about 'transferring personal data outside of the European Economic Area (EEA)';

  • A third of respondents believe businesses are concerned about the restrictions on direct marketing activity and the need to obtain consent;

  • The most common breaches of data protection law identified by respondents are the failure to have required policies and contracts in place and the failure to identify personal data;

  • Over half of respondents said that the data protection regulator in their country had not issued guidance on how it deals with complaints relating to the handling of 'right to be forgotten' requests; and

  • Almost three quarters of respondents think that the data protection regulator in their country has sufficient powers to act against nuisance calls.