Many of you have probably had your fill of the General Data Protection Regulation (“GDPR”) and people telling you what you need to change in your organisations to become GDPR compliant. Sadly, I’m afraid, you have a lot more coming your way. This is because the GDPR is not an isolated piece of regulation but part of a trend, a movement if you will, towards greater data protection, data privacy and data accountability.
Technology and data
Because technology continues to develop apace – AI, Fintech, etc. – and because technology relies upon data for its basic functionality to be of any use, we must expect data privacy regulations to increase in quantum, scope and power. True, not all data is personal data that can be used to identify us as individuals, but a growing amount is, and it is the potential for abuse of this data that concerns the authorities. To be honest, government is playing catch-up and will continue to do so as technological advancements happen. The Internet of Things (“IoT”) is just one more example of a field that few of us could have imagined a decade ago.
The movement we are witnessing as the authorities tackle data privacy issues is towards giving us as individuals (data subjects, as the GDPR calls us) greater control over who has our data, where and how it is held and used (or processed) and what we can do to prevent others from having or using our data. In effect, we are moving from an environment in which businesses could view the data they held on us as an asset with value (sometimes even as a tradable asset) to one in which they have to realise this data is loaned and not owned (I think I should copyright that!).
The GDPR II, ePrivacy Regulation and more
Preparations for GDPR compliance need to take into account the ongoing nature of this trend towards greater consumer power and the known and unknown regulations coming in the field of data protection. The best practice will be evidenced by those organisations that achieve a true culture shift within their people, away from treating data as simply a business tool and towards respect for the individuals behind the data. Only by achieving this cultural revolution in data protection will an organisation be fit and ready for the oncoming waves of data protection regulation.
The EU ePrivacy Regulation – or “Regulation on Privacy and Electronic Communications” – is coming soon. We don’t yet know precisely when this will become EU law, but 2019-2020 seems the likely timeframe, and it will expand on and extend the reach of the GDPR. Those organisations that have kept one eye on this whilst preparing for GDPR compliance will have a head start. Those that have focused solely on doing what is necessary to become compliant will constantly be playing catch-up with the authorities.
If you want to know more about GDPR, data security and privacy and how you can adapt to this changing environment then drop us a line at firstname.lastname@example.org. It doesn’t need to be painful!