Implications of GDPR for Businesses
Data breaches have made headlines across the globe over the past decade. Whether it is the free services offered by Amazon, Facebook, Twitter and Google in return for the personal data their customers hand over, or the ongoing Cambridge Analytica scandal in which more than fifty million Facebook profiles were allegedly used to influence the 2016 US elections, the clear and present dangers of unregulated data use are being felt across nations.
Stringent data protection rules
Argentina is debating an amendment to its Personal Data Protection Act, and the new proposal is expected to be sent to Congress in 2018, giving more autonomy and power to the regulating agency.
The Privacy Act in Australia is now thirty years old and has undergone many changes since its introduction. In 2018 the new Notifiable Data Breaches Act will come into force, making it mandatory for businesses in Australia with a turnover of AUD 3 million or more to disclose data breaches that are likely to cause serious harm to individuals.
In India, public consultation on drafting a new data privacy regulation is under way, while Singapore too is looking at changes to its Personal Data Protection regulations.
Implications of the General Data Protection Regulation
The General Data Protection Regulation (GDPR) has been in force since May 25, 2018, two years after its adoption and four years after it was first proposed. The GDPR seeks to give citizens control over their own data while guarding their right to privacy. It replaces the Data Protection Directive of 1995 and applies to all citizens in the European Union.
The GDPR affects businesses within the European Union as well as those outside the EU that handle data of EU citizens. Data controllers are required to comply with the GDPR in deciding why and how data is used, while processors carry out the data processing on their behalf. Any profit-oriented business could be a controller of data, while the processor could be an IT firm such as IT Support London services.
The responsibility for ensuring that the processor complies with data protection law lies with the controller, while processors are also required to maintain records documenting their processing activities. If a data breach occurs, processors are liable to a greater extent under the GDPR than they were under the old Data Protection regulations.
The definition of personal data has also been expanded under the GDPR to include IP addresses and other online identifiers. Pseudonymised data, as well as data relating to health, economic, mental and cultural information, is also categorised as personal data.
The GDPR mandates transparency at every stage of data handling: its collection, how it is used and stored, and its intended purpose. An individual has the right to request the information a company holds about them and to ask why that data is being collected and processed, and who else has access to it. Data controllers are required to explain, in clear and simple language, all matters related to data collection and processing. Consulting our London IT Support services can help you understand all the implications of data protection.
Individuals also have the right to "be forgotten" and can ask for their data to be deleted once the purpose for which it was collected has been achieved.
As many data regulations are now stricter, businesses across industries may be concerned about the implications of such laws. While these laws require greater vigilance, following best practices in data handling in consultation with IT Support London services will benefit businesses and help create an environment of trust with their customers. Protocols and documentation can increase operational efficiency, reduce costs and help protect data against cyberattacks.