GDPR - an evolution in data protection
The General Data Protection Regulation comes into force next year. Information Commissioner Elizabeth Denham highlights what that means for businesses.
The General Data Protection Regulation is now much more than a speck on the horizon. As 25 May 2018 approaches, the new law is looming large.
The GDPR is an evolution of current legislation that will strengthen the accountability of organisations handling personal information, enhance consumer rights and give people greater control over their own data.
It is at root a modernisation of the law. Many will agree that the reform is long overdue. The world has changed a lot since the Data Protection Act came into force a generation ago. Technology has undoubtedly revolutionised our world, but business models, people’s attitudes to their data and their expectation that their data is properly looked after have changed too. The law needed to follow suit.
Make no mistake, data protection is no longer a back office function – it is a boardroom issue.
Not least because under the GDPR the ICO will have greater regulatory powers to take action against organisations that get it wrong. If your organisation can’t demonstrate that good data protection is a cornerstone of your policy and practices, it could attract enforcement action that can damage both public reputation and bank balance.
Yes, we’ll be able to fine more when it comes to the most serious breaches, but we’ll also have a suite of sanctions to impose on organisations that fail to comply – warnings, reprimands, corrective orders.
But there’s a carrot here as well as a stick, and as the UK regulator enforcing data protection law, we prefer the carrot.
The ICO’s commitment to empowering and educating organisations about how to comply with the law will not change under the GDPR.
In fact, we can achieve so much more by taking softer approaches – steering rather than rowing, guiding rather than commanding.
The GDPR has the rights of citizens and consumers at its heart. They will have stronger rights to be informed about how organisations use their personal data.
But there’s plenty in it for organisations too. Those that fully embrace the spirit of the new law can prosper in the new data landscape.
Opportunity to meet consumers’ needs
Those organisations which thrive in the changing environment will be the ones that look at the handling of personal information with a mindset that appreciates what citizens and consumers want and expect.
That means moving away from looking at data protection as a compliance issue to making a commitment to managing data sensitively and ethically.
It’s an opportunity to have a direct impact on public trust. Trust builds reputation, and both can be easily lost when people discover you haven’t been completely honest about how you are using their information.
If you haven’t yet started to prepare, it’s not too late.
Read more on: ico.org.uk/dpreform