EU General Data Protection
Survey provides good news in the UK’s race to go paper-free – but there’s still a long road ahead
With World Paper-Free Day, which was held on November 9, still in the memory we have some good news to […]
If anyone was in any doubt about the future direction of data protection in the UK then the recent UK Data Bill, currently going through the Lord’s, should serve as a wake-up call – because there may be far more to come.
The Bill contained no real surprises, after all much of it simply re-confirmed policies which have been discussed for a long time by politicians and officials working on the EU General Data Protection Regulation (EU GDPR), which comes into play in May 2018.
For those who have been ignoring what is happening in Europe, however, in the hope that it will simply go away after Brexit, it may have rung some alarm bells. In fact, it really should do!
Earlier this year a Crown Records Management Survey, which polled 408 IT decision makers in companies of between 100 and 1,000 employees, suggested almost a quarter of businesses had cancelled preparations for the EU GDPR – in a ‘wait and see’ policy.
Now, however, we can all be certain that there is a definite trend towards ever-greater legal requirements over how data is stored and collected.
The UK Data Bill first hit the news in August, handing Britons increased rights over the use of their personal data.
It will make it simpler for people to withdraw consent for their personal data to be used, allow them to ask for it to be deleted or updated – and also require firms to obtain explicit consent to process sensitive data in the first place.
The bottom line is that in future businesses will need to know exactly what data they store, how to access it and how to edit it. And in addition they must be certain that proper consent has been given by the data subject.
The Bill will come as no surprise to anyone who has followed the progress of the EU GDPR which contains highly similar language.
In fact, there has been a string of recent legislation designed to tackle the issue of data protection and regulation.
• Privacy & Electronic Communications Regulations (enforcement May 2016)
• Payment Services Directive 2 (enforcement Jan 2018)
• EU General Data Protection Regulation (enforcement May 2018)
• Network and Information Systems Directive – consultation period
• UK Data Protection Bill – in Queen’s speech and more details published in August
Looking at that list it’s easy to see the ‘direction of travel’ in data protection in this country – and it’s something businesses need to take urgent account of.
The truth is that companies now need to realise that there is a definite trend towards legislation which requires organisations to have greater and more detailed control over personal data.
With increased legislation from the UK, EU and many other governments worldwide the direction is all one way – more protection and higher penalties for getting it wrong. And, with it, more public interest in how their personal data is used and protected.
There has never been a greater need for businesses to get their information management processes and governance in order.