It is just over four years since Datonomy reported on the leak of the Commission's original DP reform proposals and, as most readers will have heard by now, last night the EU institutions reached political agreement on the General Data Protection Regulation. Agreement was also reached on the other part of the reform package, the less-reported-on Data Protection Directive for the police and criminal justice sector.  We do not have  final texts, although  key Council analysis documents of the compromise texts for both the GDPR and the Directive  have been leaked on  the Statewatch website, and this, combined with reports from sources in Brussels, gives us an indication of where the key aspects of the Regulation have ended up. Datonomy will of course be analysing the finalised  texts once these become available. What's next? When will the new rules be in force? The compromise texts will now  go back to the Council and the … Continue Reading ››
Late yesterday (7 December) the EU institutions reached a deal on the Network and Information Security Directive. The Directive will introduce new cyber security requirements for providers of key infrastructure, and oblige them to report details of cyber attacks to the authorities.  The deadline for bringing the new rules into force will be in Q3 2017. Businesses which fall within the Directive’s definition of “digital service providers” – including online market places, cloud computing and search engines – will also be subject to security and breach notification requirements. The final text of the Directive is still awaited. Datonomy will provide further analysis once the text becomes available. What’s new? On 7 December, after many months of trilogue negotiations, the EU institutions reached a compromise on the text of the NISD. The European Commission issued this press release and the Council of the European Union followed suit swiftly with this … Continue Reading ››