Wednesday 12 October 2016

Transparency, trust and progressive data protection (GDPR) ICO

Transparency, trust and progressive data protection | ICO: "Brexit and the GDPR

 You’ll probably be asking me which law exactly I want you to be following, particularly in two years’ time.

And make no mistake – Brexit makes the job I accepted earlier this year, more challenging…but we’re well prepared.

You may not realise but we’ve had data protection law in the UK for the last thirty years. The current Data Protection Act may have been based on an EU directive since 1995, but the UK had already introduced the concept of data protection law ten years before the European Union. With the changes in technology and the growing intolerance for data misuse we’ve known for a long time the law needs reform, it needs modernisation.

 The General Data Protection Regulation or GDPR replaces the 1995 directive and brings the law into the 21st century. Countries who are part of the EU are now preparing to adopt the new law in 2018. The Referendum result has thrown our data protection plans into a state of flux.

What hasn’t changed are the strong data protection rules the UK already has. We need those rules to ensure cross-border commerce, not to mention the privacy protections citizens and consumers expect.

So where do we go from here? What happens in May 2018? And how does UK data protection law look beyond that? We’ve been asking ourselves the same questions.

Let’s start with the known knowns. It is extremely likely that GDPR will be live before the UK leaves the European Union. Remember that the GDPR is actually already in force, it is just that Member States are not obligated to apply it until 25 May 2018.

The digital world is a smaller world. Copenhagen consumers are closer, Sofia’s citizens aren’t so far away. For most people in this room, the GDPR will be something you’ll have to follow, to do business where you want to.

GDPR brings in new elements – and a more 21st century approach – the right of consumers to data portability is new, as is mandatory data breach reporting, higher standards of consent, and significantly larger fines for when companies get things wrong.

But the major shift in the law is about giving consumers control over their data. It ties in with building trust and is also part of the ICO’s philosophy.

We are helping you to get ready for the new law – and we will continue to provide advice and guidance around GDPR, whether you’re a business with 400 customers or 40 million.

 What about the known unknown territory? That’s those of you who only operate in the UK. We know it’s up to government what happens here, both in that middle period from May 2018 to whenever the UK formally leaves the EU, and beyond.

The fact is, no matter what the future legal relationship between the UK and Europe, personal information will need to flow. It is fundamental to the digital economy. In a global economy we need consistency of law and standards – the GDPR is a strong law, and once we are out of Europe, we will still need to be deemed adequate or essentially equivalent. For those of you who are not lawyers out there, this means there would be a legal basis for data to flow between Europe and the UK."
