Be prepared. New EU data protection regulations set to turn the screws.
The UK has recently started enforcing the amended Directive on Privacy and Electronic Communications, better known as the E-Privacy Directive, causing waves in data protection regulation.
This data protection legislation requires consent for all non-essential tracking of individuals as they use the Web. There are also critical updates to statutes dealing with the protection of personally identifiable information (PII).
With the original bill drawn up before the advent of cloud computing (or even Google search, for that matter), the new version seeks to protect information in a world without geopolitical barriers.
17 years ago less than 1% of Europeans used the internet. Today, vast amounts of personal data are being transferred and exchanged across continents and around the globe. The new e-Privacy directive legislation is expected to have a substantial effect on all organizations that operate in or focus on Europe, dramatically increasing the regulatory burden on such organizations to achieve compliance.
The stakes are also raised in terms of fines and brand damage arising from non-compliance with these new data protection regulations.
The new regulations outlined with regard to data protection and privacy control will heavily impact online businesses in the UK, introducing potential threats to online business models where steps aren’t taken to ensure compliance. The Electronic Privacy Directive has been created and enforced to address the requirements and data privacy concerns around new digital technologies. The law further applies to how companies and website owners use cookies and similar technologies for storing information on a user’s equipment such as their PC or mobile device.
The leading purpose of the e-Privacy directive is to provide increased security of online services and is addressed to providers of electronic communications services. Companies are now obliged to inform subscribers to their services of particular risks including viruses or malware attacks.
The second general obligation is for data confidentiality to be ensured and maintained. The directive prohibits any kind of interception or surveillance of communication or related traffic unless consent has been given.
If consent is given, organisations should ensure that they effectively protect this data from theft or loss, and that correct data protection procedures and policies are followed. (Find out more about Cibecs data protection software.)
These changes in data protection regulations should be a warning to companies that without effective research into and understanding of compliance requirements with regard to organisational and customer data, harsh penalties and reputational damage could be the consequence.