Jan 30, 2017 | Industry insights
Data protection - The new legislation
Following on from our recent article ‘Data protection - The current situation’, we look at what the General Data Protection Regulation (GDPR) is planning to change in order to bring the data protection legislation into the 21st century.
There are three main categories to the GDPR:
- Provide better end user personal data control
- Simplify the regulatory system
- The appointment of a data protection officer
I’m sure that unless you’ve lived in a bubble for the last few years, you’ll agree more needs to be done to ensure our personal data is stored and used responsibly. Businesses have been abusing a slack approach to personal data control for many years, with so-called opted-in data being resold to third parties regularly.
The new legislation, which is due to come in on the 12th April 2017, will create a single set of rules designed to give users more control over the use of their personal information, creating the right to be forgotten and large fines for a business that exploits these laws.
It also aims to clarify the law for businesses that are involved in data processing, i.e. those that collect, store, share, or sell data. At the moment, the legislation is not fit for purpose and some businesses have taken advantage of this fact. The new legislation will make it very clear what is acceptable, and for businesses that fail to comply, the fines will be crippling.
Any business involved in data processing will need to consider whether appointing a data protection officer is required. Each business will need to analyse its current use of data to assess whether its usage is considered large scale, whether it’s a core activity and whether the appointment of this position is a requirement.
So how will businesses handle this new legislation, and what are some of the finer details that might have more of an effect on businesses? Our next article looks to expand on these areas.