If you’ve been keeping up to speed with current news in the business world, you’ll have heard of the General Data Protection Regulations – or GDPR for short.
Coming from the European Union, the GDPR is an extension of Data Protection law which started with the Data Protection Act 1984, its successor in 1998, the Freedom of Information Act 2000 and the Privacy and Electronic Communications Regulations. It’s due to take effect across Europe on 25 May 2018 and applies to Public and Private sectors – with a few exceptions, mainly in Justice and Law Enforcement.
It means that, in the next seven months, businesses will need to ensure that the way they manage their data doesn’t breach the Data Protection rights of their customers (or staff). In the main, these rights are the same as under existing Data Protection law, but in some crucial areas they have been expanded or even added to. I’ll cover some of the detail in a later article.
At this point you might be thinking that all of this will be overtaken by Brexit and the UK will avoid having to worry about this altogether.
If so, I have some bad news.
The UK Government has stated that GDPR will be implemented here as across the rest of Europe and will certainly stay in place until we leave the EU. What then happens depends on current negotiations but even here, there’s a glitch.
The issue is down to the fact that GDPR doesn’t just apply to businesses inside the EU but also to those outside Europe that offer goods and services to EU citizens. In short, for the UK to avoid GDPR, three things need to happen:
- The UK has to leave the European Union.
- The UK Government has to undertake not to implement GDPR into UK law post-Brexit.
- UK businesses must never deal with EU citizens ever again.
Item 1 appears settled, item 2 is still up for negotiation and item 3 might appear excessive. The best approach to GDPR, therefore, is that we embrace it.
Why do I say this?
It’s because you need to step back for a second and think about why GDPR (and other Data Protection law) even exists.
The regulations are trying to achieve a situation where someone can look at your business and see clearly that you treat data as just as much a resource as your money and staff. Ensuring you’re GDPR compliant gives people the confidence that you respect their data and are capable of controlling it. It pays dividends for you too, since when you don’t control something, it’s easy to be overwhelmed by it.
This is one of a series of articles on GDPR and where the path lies to compliance. To understand more about GDPR and how I can help you, contact me at firstname.lastname@example.org