The General Data Protection Regulations (GDPR) is set to replace the Data Protection Directive and is expected to come into force in 2018, setting a new benchmark as the world’s most stringent data laws.
On 15th December 2015, the three European institutions agreed a historic reform of data protection regulations, establishing a harmonised, modern data protection framework to be implemented across the European Union.
We took the opportunity to catch up with Robert Clements of Assent Risk Management, who are experts in the field. See what we found out in our interview below.
What is the latest on the modification of the European Data Protection Laws?
The reform of the European Data Protection Laws officially took a step closer to completion in December of last year, when the final text for the General Data Protection Regulations was agreed.
How will the changes affect the UK and EU?
Plans reveal that the GDPR will replace the Data Protection Directive, which is currently legislated in the UK under the Data Protection Act 1998. It’s intended the changes will come into effect across the 28 EU member states, and replace domestic legislations enacted by individual member states.
Who will the changes have an impact on?
It’s likely that the new data protection regulations will affect the way European and non-European companies trade or store data inside Europe – affecting the ways in which they handle customer and employee data.
The average person will also benefit from more stringent laws; as the amount of personal data we allow organisations to store increases. Individuals will have more control over their data from credit card habits, social media activity and mobile devices, and so on once these changes are implemented.
Have there been any considerable debates during the reform?
The regulations will clarify the ‘Right to be Forgotten’, which has been widely debated throughout the process, including a right to know when your personal data has been hacked.
What’s the biggest change for business?
The new General Data Protection Regulations will increase the penalties companies will incur when they do not comply to €20 million or 4% of annual worldwide turnover for groups of companies; whichever is greater.
The requirements will also focus on ‘Monitoring Behaviour’ – where companies, technology and services track users’ online activities. In particular, this will affect ‘cloud’ based services which makes for an interesting political situation with America following the recent court judgement that invalidated the SafeHarbour Agreement between the EU and USA.
When should businesses start planning for the changes?
If businesses have not done so already, they should start preparing themselves for the changes now! Businesses should review the way they collect, store and share data with the new data protection regulations in mind. This will help businesses demonstrate ongoing compliance, along with having more awareness of avoiding potentially devastating fines and damage to reputation in the future when the changes come into place.
At a Glance: General Data Protection Regulation
The General Data Protection Regulation aims to enhance the level of data protection for individuals whose personal data is processed and to increase business opportunities in the digital single market; which will include a reduction in administrative burdens. The reform will include more specific rules for data controllers (those responsible for the processing of data), including the requirement of consent of the individuals concerned. Following the reform people now have a right to erase personal data and to ‘be forgotten’. To ensure proximity of legal redress, data subjects have the right for a decision of their data protection authority to be reviewed by their national court, irrespective of the member state in which the data controller is established.