Obligation to Report Data Leaks From January 2016

Cyber Security, National Security

Obligation to report data leaks from January 2016

Private and public organisations who process personal data are obligated to report misuse of this data as a result of data leaks from 1 January 2016. The objective of this new law is to better protect private data. The amendment was adopted in February by the Senate and in May by the Parliament.

The new law implies that the Board of Protection of Personal Data(CBP) can impose penalties in more data leak situations. Currently, CBP can only impose penalties for violations of administrative regulations, such as the obligation to notify the processing of personal data. From January 2016, CBP will have more fining powers. Penalties could also be imposed when violating general commitments concerning the processing and use of private data. For example, inaccuratly processing data, misuse or securing private data longer then necessary will be considered a violation and need to be reported to CBP.

The CPB recently published the data leaks concept regulation. Concerned parties can comment on the regulation for the coming four weeks.

Source: Duthler Associates