What is the GDPR and why do you need to know about it?


Now, 21 years is a long time and you can do 7 undergraduate degrees within that time. So it is no wonder that within that period, the use of computers and the data this use creates have changed considerably, which, unfortunately, means that the threat of cyber crime and subsequent data misuse has also increased.

Not only has technology changed immensely (and continues to do so), but the reliance on paper records has diminished. Funnily enough, floppy disks are no longer used (remember those?) and there is now a vast number of storage options, as well as the mass use of social and professional media and the ongoing creation of Big Data, resulting in huge chasms in the 1995 legislation.

Some users, being the savvy lot that they can be, have become somewhat paranoid and alert to the growing risks and the importance of data protection. However, the majority of everyday users (business or social) are still catching up on basic security measures.

A survey undertaken by the EU revealed that 74% of Europeans see disclosing personal information as an increasing part of modern life. But why are people giving away their personal information?

It seems that the most important reason to disclose this information is to access an online service. The most interesting result in this survey is the fact that 26% of social network users and 18% of online shoppers felt out of control of their own data.

So will new legislation allow these users to feel more in control? The answer is a big 'maybe'.

For the last three years, a new legislative structure has been formulated that is apparently set to ‘shake up’ the current data protection regime significantly, on a number of levels.

The legislation, named the General Data Protection Regulation or GDPR, includes options such as the ‘right to be forgotten’, new rules on data transfers outside the EU, the implementation of data breach notification requirements and the introduction of much higher fines that are based on the percentage of a company’s annual turnover.

Points of interest

  • Businesses that breach the GDPR are subject to increased fines, which could be up to 4% of their annual global turnover.
  • Measures are to be taken to ensure data is protected from the start of the client engagement and into business services, called a ‘privacy by design’ provision.
  • Contracts with clients must include a section on consent, and explicit consent must be obtained for the collection and processing of data.
  • An independent Data Protection Officer must be appointed in multinational companies; this role will require the breadth of knowledge needed to manage the IT and data systems and familiarity with the legal aspects of the GDPR from a compliance point of view.
  • Even if an international company is based outside the EU, if data is held within the EU then it will also be subject to these regulations.
  • It will be interesting to see how the ‘right to erasure’ can work in a practical sense, as it will become the client’s right to request the erasing of personal data. It is up to a business to take the steps to understand how it can comply with such a request.
  • It is prohibited to transfer data outside the EU without approval from a supervisory body.

What should you do if you want to transfer data now?

It has been advised that, in this pre-GDPR time, it is better to just avoid transferring data altogether, even though alternatives have been set out by the EU. A number of solutions have been made available to help with the problem of transfer, such as mobile e-discovery technology, predictive coding technology or e-discovery platforms and predictive coding, which can be used to ensure that relevant data is found quickly and deleted.

Transferring data across the pond looks to remain a complex legal process until the GDPR and Privacy Shield are fully confirmed and in place. 

However, these pieces of legislation are not concrete and may still change, even after going live. Even more so in the light of Brexit: how will the UK adhere to the GDPR and its shiny new facets?

With the vast number of alternatives that are available, it should not be difficult to find solutions for processing essential data during this time of uncertainty, and it will hopefully be a step towards all internet/data/app users feeling confident that their data is secure!

Don’t worry, your data is safe! Allegedly!

Haig&Co