What is GDPR?
Within the coming six months, Europe's data protection rules are expected to undergo sweeping changes, two decades after they were last enacted. Since the incumbent data protection rules were created in the 90s, the amount of digital information that is created, captured and stored has increased significantly, owing to the increasing role of IT support. In simple terms, the system is fast becoming obsolete.
The solution has come in the form of the European General Data Protection Regulation (GDPR), reached by consensus, which will be enforced on 25th May 2018. It will transform how businesses and public sector organisations, and particularly their IT support, handle customer data. The purpose of this law is to provide greater protection to businesses and individuals to safeguard their information. Because information databases have changed massively over years of technological progress, there is a dire need to reform the data protection regulations. The GDPR can be regarded as meeting the demands of the time. It is important for all stakeholders to be aware of what GDPR holds for them.
Elizabeth Denham, the UK's Information Commissioner, who is in charge of data protection enforcement, has expressed her frustration at the level of ‘scaremongering’ around the potential impact for businesses. In her words: “The GDPR is a step change for data protection. It is still an evolution, not a revolution.” She also added that for businesses and organisations already in compliance with incumbent data protection laws, the new regulations will only be a ‘step change.’
Precisely, what is GDPR?
It is basically the new framework of data protection laws. It will replace the former 1995 data protection directives, upon which the incumbent UK law is based. The GDPR website claims that the legislation is designed to “harmonise” data privacy laws across Europe as well as to provide greater safety and rights to individuals. Under the GDPR's ambit, there are significant changes for the public as well as for the businesses and bodies, and their IT support systems, that handle personal information.
After more than four years of deliberations and negotiations, GDPR was adopted by both the European Parliament and the European Council in 2016. Following its publication in the EU Official Journal, it will be enforced in 2018. This two-year gap has given businesses and public bodies covered by the regulation time to prepare for the changes.
Are there any data protection laws?
In the UK, the incumbent Data Protection Act 1998 establishes how personal information can be utilized by companies, government and other organisations. GDPR transforms how personal data can be utilized. The GDPR provisions in the UK will be covered by the new Data Protection Bill, which has now been published by the government.
Latest UK data protection bill
The UK government’s latest data protection legislation will implement most portions of GDPR. Following the usual procedure, the bill will need to be passed by the House of Commons and the House of Lords before it becomes law. The government claims that the law will outline a number of exemptions from GDPR, which include additional protection for journalists, scientific and historical researchers, and anti-doping agencies that hold personal information about people.
Are Companies and NGOs going to be affected?
Companies, organisations, individuals and IT support that are either processors or controllers of personal data will be covered by the GDPR. Both personal and sensitive personal data will be covered by the GDPR. Personal data is defined in broad terms as a piece of information that can be used for identification of a person. This includes name, address, IP address and so on. Sensitive personal data includes genetic information, data regarding religious and political views, sexual orientation and so on.