After reviewing the diverging data protection legislation in the EU member states, the European Commission (EC) decided that this situation would impede the free flow of data within the EU zone. The EC response was to undertake an effort to "harmonize" the data protection regulations, and it started the process by proposing a new data protection framework. This proposal includes some significant changes like defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and includes significant financial penalties for infractions. This tutorial explores the new EU data protection legislation and highlights the elements that could have significant impacts on data handling practices.

Learning Objectives:

• Highlight the major changes to the previous data protection directive
• Review the differences between "Directives" versus "Regulations," as it pertains to the EU legislation
• Learn the nature of the Reforms as well as the specific proposed changes—in both the directives and the regulations

Thomas Rivera has over 30 years of experience in the storage industry, specializing in file services and data protection technology, and is a senior technical associate with Hitachi Data Systems. Thomas is also an active member of the Storage Networking Industry Association (SNIA) as an elected member of the SNIA Board of Directors, and is co-chair of the Data Protection and Capacity Optimization (DPCO) Committee, as well as a member of the Security Technical Working Group, and the Analytics and Big Data Committee.