As technology advances, a vast amount of information about consumers has become easily accessible. From mobile and cloud computing to the Internet of Things, there is a whole range of ways in which a company can collect information and share it. At the same time, there is more opportunity for threats, both external (such as hackers) and internal (such as accidental loss).
Data Protection Laws
In January 2015, the European Union indicated that it expected the General Data Protection Regulation, or GDPR, to be agreed before the end of the year.
The EU General Data Protection Regulation has been in the pipeline for three years. In 2012, the European Commission proposed reforms of the existing data protection rules to make them fit for today's technology. The current rules are based on the 1995 Data Protection Directive, which predates the mobile, cloud and connected-device technologies described above, so they are clearly not up to date.
The reforms consist of a draft Regulation setting out a general EU framework for data protection, and a draft Directive on the protection of personal data processed for the purposes of preventing, detecting, investigating or prosecuting criminal offences and related judicial activities. These reforms are currently being discussed by the two EU co-legislators, the European Parliament and the Council of the EU, and both must approve the proposals before they become law.
But What Do These Reforms Mean?
Nine out of ten Europeans say that they are concerned about mobile apps collecting their data without their consent, and seven out of ten are concerned about the use that companies may make of that information. What the EU is trying to do with these reforms is to close the gap between individuals and the companies that process their data, strengthening citizens' rights and helping to restore trust. The main changes for individuals are:
- A right to be forgotten. This means that when you no longer want your data to be processed, you can have it deleted. This is about empowering individuals rather than erasing events or restricting the freedom of the press, however.
- A right to data portability. This means that it will be easier for you to access your personal data and to transfer it from one service provider to another.
- Data protection first. Privacy by design and by default will be essential principles in EU data protection rules.
For businesses, there is great commercial potential in stronger data protection laws. The value of European citizens' personal data has the potential to grow to nearly €1 trillion annually by 2020 according to some estimates. These are a few of the benefits for businesses:
- One law for one continent. The new Regulation will replace 28 national data protection laws with a single law for Europe. The savings are estimated at €2.3 billion a year.
- One-stop shop. Companies will only have to deal with one supervisory authority, making it easier to do business across the EU.
- European regulators will be equipped with strong enforcement powers. Data protection authorities will be able to fine those who do not comply with the new Regulation up to 2% of their global annual turnover, and possibly up to 5% under the European Parliament's version of the text. This means that the changes will have a huge impact on businesses as far as compliance is concerned.
Are You Prepared?
Many businesses, according to studies from Ipswitch, Trend Micro and FireEye, are unaware of the proposed changes. The Ipswitch survey revealed that more than half of IT professionals in businesses could not accurately identify what GDPR means, over half of respondents admitted they were not ready for it, and over a third confessed to not knowing whether their IT policies were up to the job. Only 12% felt ready for the change.
To get your business ready, you need to make data security a priority. Use both technical and organisational measures to guard against internal and external threats. Technical measures should include patch management, firewalls, device encryption and access controls. Organisational measures, on the other hand, mean things like policies, procedures and staff training to ensure that employees play their part in keeping data secure.
Only share data if you are confident that this is permitted and that the recipient has effective measures in place to keep the data safe. If, for example, you were to use Safestore's document storage facility, you would need to make sure that the service handles your documents in line with the Data Protection Act in everything you ask it to do with them. There are further considerations and hoops to jump through if you are sharing data outside the EEA.
For more information, why not download our Quick Guide on EU Data Protection Reform.