17th February 2012

Standardised European Data Protection Law Proposed

As part of modern life, we can lose sight of how much we reveal about ourselves to the world (think social networking sites and store loyalty cards).  For businesses and other organisations that make use of personal information, managing the use of the information lawfully can be a real headache, particularly for those with an international dimension to their business and multiple regimes to adhere to.

The European Commission has issued proposals to strengthen and simplify the existing data protection laws that apply across the European Union.  The intention is to boost Europe’s digital economy by reviving consumer confidence in their online privacy rights.  Introduction of a ‘one-stop shop’ for data protection is proposed to achieve that outcome by replacing the current fragmented and differing systems in each country.

As well as giving consumers greater uniformity of protection, the proposals will save business an estimated €2.3 billion a year in administrative costs.  While business will certainly welcome a standard approach across the EU, there will also be a concern to ensure that the desire to boost consumer confidence in online privacy rights does not detract from the efficient use of personal information for legitimate purposes.

The key reforms proposed include:

  • A uniform set of rules across the whole EU. Removing legal uncertainty and inconsistency across Member States, volumes of paperwork for businesses and overcoming a disincentive and cost to expanding businesses into new areas of the Single Market;
  • Companies will deal with a single national Data Protection Authority (DPA) in the EU Member State where they have their principal place of business, the DPA’s decisions will be binding across the EU area;
  • Serious breaches, such as theft or accidental release of data, should be reported to the DPA within 24 hours (if feasible) and to individuals without undue delay; and
  • Individuals to give explicit consent to data processing or reuse and they will have greater rights in terms of transferring personal data between service providers and deleting data which is no longer required

However, these proposals are only as good as the enforcement they receive (if they become law). DPAs will have stronger investigative and sanctioning powers, including the ability to fine up to €1m or 20% of global turnover of the company for breaches.

For companies which operate branches outside the EU, but contract with individuals within the Single Market, or process their personal details outside the EU, it is proposed that Binding Corporate Rules are introduced to ensure uniformity of protection, regardless of organisations’ internal arrangements.  BCR will be approved by one DPA only and considerably simplify the process.   

As with any EC legislative proposal, it will be years rather than months before the proposals are consulted upon, amended, voted upon and implemented.  However, the proposal does provide some hope that the regulatory burden on businesses trading across Europe may be eased somewhat in the future.

We will keep you updated with data protection developments, in the meantime if you would like professional advice about any of these matters please contact us at 01382 229222.

Kelly Craig
Solicitor – Corporate & Commercial

The opinions expressed in this site are of the author(s) only and do not necessarily represent the opinions of Blackadders LLP.

Blackadders takes all reasonable steps to ensure that the content of this site is accurate and up to date. The site is not, however, intended as a substitute for seeking legal or other professional advice but rather as an informative guide to the services provided by Blackadders and topical legal developments. Site visitors should always seek advice tailored to their specific situation. Consequently, Blackadders accepts no responsibility for any loss or damage suffered by anyone acting or failing to act on the basis of information contained on this site. Downloading of material contained on this site is at the user’s own risk and all necessary virus checks must first be carried out by the user. Blackadders is not responsible for the material found on any web sites linked to this one and links to this site may only be made with Blackadders prior consent.


Blackadders owns the copyright in this blog and all material contained on it. The material on this site may be downloaded for personal use only and must not be altered. Otherwise, Blackadders’ written consent is required before any material on this site is reproduced, copied or transmitted in any way.

Privacy Statement

Information passed to us via this site is kept confidential and will not be disclosed to third parties except if authorised by you or required by law.

© Blackadders LLP 2022

Members of the Law Society of Scotland.

Blackadders Solicitors is a trading name of Blackadders LLP, a limited liability partnership, registered in Scotland No SO301600 whose registered office is 30 & 34 Reform Street, Dundee, DD1 1RJ. Reference to a ‘partner’ is to a member of Blackadders LLP.

Back to Business Legal News from Blackadders Solicitors