EU Data Privacy Directive

Aug 01, 2003

European countries have had privacy regulations for years. In 1995, the disparate rules were synthesized into the EU Data Privacy Directive, a single policy covering all 15 member countries.

It mandates that personal information must be:

Processed fairly and lawfully

Collected for specified and legitimate purposes only

Accurate and up-to-date; steps must be taken to rectify or erase incorrect data

Nontransferable to third parties without permission

Nontransferable to countries that lack adequate privacy protection

Protected by a corporate data controller (equivalent to the U.S. chief privacy officer responsible for ensuring that data practices are followed)

Processed only in cases where the subject has given clear consent