General Data Protection Regulation (GDPR)
Agreed 27th April 2016
To be enforced 25th May 2018
A regulation that will supersede the Data Protection Act (1998).
- Rules to strengthen how personal data is and can be used within the EU
- Protecting data leaving the UK
- The idea is to control how data is used and to provide the owners of the data control over it.
Personal data cannot be controlled once online. The current laws aim to regulate the use of EU citizens' data; however, clear flaws can be found in these regulations. This has become a huge problem, allowing mostly social networking sites and businesses to use the personal data of EU citizens however they like.
GDPR will introduce a number of key changes:
- If your business is not in the EU, you will still have to comply with the Regulation.
- The definition of personal data is broader, bringing more data into the regulated perimeter.
- Consent will be necessary for processing children’s data.
- The rules for obtaining valid consent have changed.
- The appointment of a data protection officer (DPO) will be mandatory for certain companies.
- Mandatory data protection impact assessments have been introduced.
- There are new requirements for data breach notifications.
- Data subjects have the right to be forgotten.
- There are new restrictions on international data transfers.
- Data processors share responsibility for protecting personal data.
- There are new requirements for data portability.
- Processes must be built on the principle of privacy by design.
- The GDPR is a one-stop shop.
(cited from IT GOVERNANCE)
The Oratus Enterprise group position
The Oratus group welcomes the enhancement to what was already the Data Protection Act. As a business operating in the UK, we agree with the idea of ensuring data is private and protected. We have always maintained a ‘clean data policy’, which is part of the Oratus Formation (a guideline which our employees follow). When we created the OE Group it was natural and ethical of us to take into consideration how we use data; however, many businesses in the EU and outside the EU have routinely sought and used data in unethical ways, including as a revenue generator. This is wrong, and it was only a matter of time and ‘forced cold calls later’ that the ‘Penny would Drop’ (an English colloquialism meaning a belated realization of something after a period of confusion or ignorance).
This regulation enhancement is not going to come easy and we are sceptical about how it will be enforced and monitored. We are also concerned that the companies for whom this very regulation was meant will manoeuvre their way out. Nevertheless, something is being said about your privacy, which in recent years has been undervalued.
For more about this, see CSONLINE.