GDPR: The big digital changes that are on the horizon
A busy week at EGB is coming to an end and we are all relieved that we have managed to get everything done. “Why are you so busy?” I hear you ask. I can’t really say too much yet, but all will be revealed in an upcoming blog. Unfortunately, you will have to wait a few weeks to find out, but I will give you a small hint: change is on the horizon. On the topic of change (I am sure you could see that segue coming), there is a far bigger and more wide-reaching change coming in 2018. The General Data Protection Regulation (GDPR) is coming into force in the UK on the 25th of May and it will completely change the way that data is kept.
One of the major changes for organisations is how consent is given for the processing of information. When consent is being requested, it must be made clear what information is being stored and the reason for storing it. Consent has to be given in a positive manner, which means that a specific action needs to be taken to give consent. This means that consent cannot be based on silence, inactivity or pre-ticked boxes, which can be caused by consumers missing the option to opt out. Consent has to be verifiable, so that if proof is requested, it can be provided to show that consent was received. There also needs to be a system in place that allows consumers whose data has been stored to revoke consent in an easy manner.
The GDPR will give a lot of control to the consumer with regard to the data which is being stored about them by an organisation. This control comes in a list of rights that the individual has over the data. To name a few: the right to access the information that has been stored, the right to be informed about the information that is stored, and the right to have the information erased. There are instances where these may not have to be abided by, but that is very circumstantial compared to the existing rules in place.
The changes that the GDPR brings are wide-spanning and complex, so much so that it is suggested that it would take around 15 months to properly prepare an organisation. There is a high chance that many businesses and organisations are going to need data protection specialists to help them prepare for the new rules. This is especially so as there is a requirement for certain organisations to have a Data Protection Officer to oversee the data handling processes and ensure compliance is maintained.
The punishments for failing to meet the GDPR can be significantly more severe than the current punishments under the Data Protection Act. Initially, a warning would be sent to the organisation, but if there are repeated or intentional infractions it can rise to a 20 million euro fine or 4% of annual worldwide turnover, whichever is greater. So, we hope and expect to see some roles for data protection come in, as organisations will want to stay clear of these lofty penalties.
While the GDPR is an EU regulation, it will apply to any and all businesses that deal with EU citizens. This means that even after Brexit these rules would still apply to many businesses and organisations in the UK. What are your thoughts on the new regulations: a bureaucratic nightmare, a safeguard for consumers, or maybe somewhere in the middle? Whatever your thoughts, let us know in the comments below!
Thank you for reading,