To illustrate how difficult (and slow!) it is to achieve change across all EU countries, we quote from a leading source:
"On 15 June 2015, the EU's Justice and Home Affairs Council (JHA) agreed a general approach to the proposed Data Protection Regulation adopted by the European Commission in January 2012 by majority vote. The approach is based on a text put forward by the Latvian Presidency after three and a half years of discussions at Council level. Austria and Slovenia did not support the approach.
The general approach will form the basis for the Council's negotiation with the European Commission and the European Parliament. Trilogues between the three institutions are due to start at the end of June with the aim of agreeing a compromise position that can then be adopted swiftly (hmm!) by both the Council and the European Parliament. Among other things, the institutions disagree about the extent to which member states should have the right to supplement the Regulation through national laws, the definition of consent, the level of fines that can be imposed on data controllers for data protection breaches and the establishment of a one-stop-shop for data protection enforcement".
This is seriously dull stuff, but we will continue to monitor "progress" and flag up to clients any practical consequences for the relocation industry which may emerge as the legislative journey continues.
A more immediate data protection challenge exists for companies which employ Russian citizens. Although there is still a lack of clarity around the new Russian law and its implementation date, it will soon be a legal requirement that any personal data collected on Russian citizens (e.g. for relocation management purposes) must be held on a server in Russia. We are hopeful that duplicate data on Russians can also be held elsewhere as part of a company's global database, but this is an issue, among many others, on which we all await clarification from the Russian authorities.