
Setting record straight on major shift in data privacy regulation

UK Information Commissioner Elizabeth Denham

Next month sees the new General Data Protection Regulation (GDPR) come into force across Europe.

It is described by the European Union as the most important change in data privacy regulation in 20 years.

But the UK Information Commissioner is concerned that misinformation on GDPR is in danger of being considered true.

The all-important enforcement date for companies to note is May 25.

GDPR aims to protect all EU citizens from privacy and data breaches in an increasingly data-driven world, one vastly different from the world in which the previous 1995 directive was drawn up.

Penalties for organisations breaking the new regulation can be high. They can face fines of up to 4% of their annual global turnover or nearly £18million, whichever is greater.

Arguably the biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of GDPR, as it applies to all companies involved in the controlling or processing of the personal data of data subjects residing in the EU – regardless of whether the processing takes place in Europe or not.

Part of the expanded rights of data subjects outlined by GDPR is their right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.

The controller also has to provide a copy of the personal data, free of charge, in an electronic format.

This change is described as a dramatic shift to data transparency and empowerment of data subjects.

A right to be forgotten entitles the data subject to request that the data controller erase their personal data, cease further dissemination of it, and potentially have third parties halt processing of the data.

UK Information Commissioner Elizabeth Denham has expressed worry that misinformation on GDPR is in danger of being considered true.

Claims that the new regulation will stop things like dentists ringing patients to remind them about appointments or that cleaners and gardeners will face massive fines that will put them out of business are wrong.

She added: “If this kind of misinformation goes unchecked, we risk losing sight of what this new law is about – greater transparency, enhanced rights for citizens and increased accountability.”

The commissioner said it was a myth that the biggest threat to organisations from the GDPR is massive fines.

She explained: “This law is not about fines. It’s about putting the consumer and citizen first. We can’t lose sight of that.

“Focusing on big fines makes for great headlines, but thinking that GDPR is about crippling financial punishment misses the point. And that concerns me.

“It’s true we’ll have the power to impose fines much bigger than the £500,000 limit the Data Protection Act allows us.

“But it’s scaremongering to suggest that we’ll be making early examples of organisations for minor infringements or that maximum fines will become the norm.

“The UK Information Commissioner’s Office commitment to guiding, advising and educating organisations about how to comply with the law will not change under the GDPR.

“We have always preferred the carrot to the stick.

“Issuing fines has always been, and will continue to be, a last resort.”

The commissioner also pointed out she wants to break the myth that GDPR compliance is focused on a fixed point in time.

Organisations have expressed concern about being prepared in time for GDPR’s introduction next month.

The commissioner said: “Some of the fear is rooted in scaremongering because of misconceptions or in a bid to sell ‘off the shelf’ GDPR solutions.

“I’ve even heard comparisons between the GDPR and the preparations for the Y2K Millennium Bug.

“In 1999, there was fear that New Year’s Eve would see computers crash, planes fall out of the sky and nuclear war accidentally start. I want to reassure those that have GDPR preparations in train that there’s no need for a Y2K level of fear.”

The commissioner said it is a fact that GDPR compliance will be an ongoing journey.

She added: “Unlike planning for the Y2K deadline, GDPR preparation doesn’t end on May 25 – it requires ongoing effort.

“It’s an evolutionary process for organisations – May 25 is the date the legislation takes effect, but no business stands still.

“You will be expected to continue to identify and address emerging privacy and security risks in the weeks, months and years beyond May 2018.

“That said, there will be no ‘grace’ period – there have been two years to prepare and we will be regulating from this date.

“But we pride ourselves on being a fair and proportionate regulator and this will continue under GDPR.

“Those who self-report, who engage with us to resolve issues and who can demonstrate effective accountability arrangements can expect this to be taken into account when we consider any regulatory action.”
