With the growth of the Internet, people are sharing more and more data with Internet and Digital companies. As a result, fears related to data protection and privacy have increased amongst the public. Various governments have tried to adopt legislation aimed at calming the fears around data protection.
The General Data Protection Regulation is a directive enacted by the European Union which will enter into force on 25 May 2018 across all the EU countries. The UK was scheduled to adopt GDPR in 2018 like all others EU member states, but the Brexit referendum on 23rd June 2016 has complicated the matters. However even if the UK leaves the EU, all British businesses will still be affected by GDPR to a significant extent as most of the international companies will be required to comply with the regulation due to their extensive operations in EU member states.
Unlike previous data protection laws and directives adopted by various countries and the EU in 1990s and 2000s respectively, GDPR is a more comprehensive piece of legislation which addresses many issues which have arisen with the increased popularity of Web 2.0 technologies and the newer generation of website and apps.
Many of the concepts in GDPR are similarly to the UK’s Data Protection Act of 1998 which has been the main piece of legislation regulating collection, usage and protection of data by various commercial and government organizations. GDPR has almost the same definitions of controllers and processors of data as defined in DPA. There are high chances that if you are subject to DPA then GDPR will also apply to you.
Many analysts have advised that even after Brexit, the UK will still be required to maintain a sort of interoperability between national and EU legislation due to high level of trade and close relations with the EU. So, after Brexit, British government is likely to adopt a similar piece of legislation modelled on GDPR which will align the UK’s data protection laws with those of EU member states.
GDPR also has a clear definition of consent such as the European Data Protection Directive of 1995 and has introduced some new concepts such as data breaches, data protection officers, right to erasure which is a watered-down version of the long demanded right to be forgotten.
Once GDPR comes into force, most public and private organizations storing data will be required to have a data protection officer who will be a person with expert knowledge of data protection laws and processes. DPO’s main job will be to assist controllers and processors with data protection and monitor the compliance of GDPR by various organizations.
The DPO will also be responsible for immediately reporting data breaches to the concerned supervisory authorities as this will allow regulators to react to any data breach within the shortest time possible.Right to erasure will give a person the right to get his personal data erased from a company’s servers on legal grounds.
Overall, GDPR is a well-crafted piece of legislation which will have far reaching effects on data protection policies and processes across Europe and wider world.