Should they fall foul of the new laws, set to come into force when the UK rollout is in full swing, it could cost suppliers as much as £500 million each.
Speaking at an SBGI conference in London this week, Eduardo Ustaran, a partner with legal firm Field Fisher Waterhouse, said the regulation, currently in draft form, “gives very precise details” about how data is used and accessed.
“Anything suppliers do with data will have to be documented and available to consumers and regulators”, said Ustaran. Security breaches, such as third parties getting hold of data, “would have to be notified to the information commissioner and in some cases, to individuals,” he said.
Suppliers will also have to conduct data protection impact assessments to gauge the impact of their activities on data protection.
Even companies operating outside of the EU will be subject to the new law if part of what they do affects consumers within the bloc, Ustaran warned.
If they breach the new laws, suppliers would be liable to a fine of 2 per cent of global turnover. Firms like Centrica (£22 billion turnover in 2011) and Eon (£28 billion) would be looking at fines of around half a billion pounds apiece.
The regulation will be debated for the next 18 months. It could come into force by late 2015 or early 2016 – when the UK smart meter rollout should be in full swing.
However, Ustaran said it was “not all scary bad news” for suppliers. He said paperwork would be reduced because there would no longer be an obligation to register, and that a “legitimate interest” ground would be retained, so suppliers do not need individual’s consent to collect data if they can justify it.
Ustaran urged suppliers to engage in debating the draft over the next 18 months. “Anyone can contribute, perhaps this is a role for Energy UK,” he said.
For a succinct summary of the draft, see this link:
http://www.twobirds.com/English/News/Articles/Pages/Draft_EU_Data_Protection_Rules.Aspx