After four years of negotiations, the EU has approved a new data protection framework which will come into force this summer. The General Data Protection Regulation (GDPR) represents a complete overhaul of the existing data protection rules in the EU, and is the biggest shakeup to hit data protection in 20 years. For any businesses not prepared to meet the new standards when they become law in 2018, the consequences could be significant.
The GDPR will be directly applicable in all member states (the previous directives allowed for national legislation), which means that it brings about a new era of consistency across the EU and renders the continent "fit for the digital age." The GDPR replaces the EU's previous set of data protection directives, which were drawn up in 1995, when the internet was in its infancy.
Stewart Room, cyber security and data protection partner at PricewaterhouseCoopers (PwC), commented: "This will impact every entity that holds or uses European personal data both inside and outside of Europe."
The right to privacy
"The General Data Protection Regulation makes a high, uniform level of data protection throughout the EU a reality," said Jan Philipp Albrecht (Greens, DE), who steered the legislation through Parliament. He continued: "This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share."
A key element of the GDPR is its stated aim to give control over private data back to citizens. According to European Parliament News, the regulations include provisions on:
- a right to be forgotten,
- "clear and affirmative consent" to the processing of private data by the person concerned,
- a right to transfer your data to another service provider,
- the right to know when your data has been hacked,
- ensuring that privacy policies are explained in clear and understandable language, and
- stronger enforcement and fines up to 4% of firms' total worldwide annual turnover, as a deterrent to breaking the rules.
The need for these new regulations is clear: a recent Eurobarometer survey found that 67% of Europeans worry about not having complete control over data they provide online. Moreover, 70% of consumers reported concerns about how companies use their private data. The GDPR will force companies to be more transparent about how they use data, which will be an essential step in relieving such concerns.
Data protection failures can be costly
What gives these new regulations teeth is the heavy financial penalties that back them. Businesses could be fined €20m, or 4% of annual worldwide turnover for groups of companies, for misuse of data.
DeltaNet offer several courses to help businesses operate in full compliance with current data protection legislation, including Data Protection and Information Security, as well as a number of Microlearning Take 5 modules. All of our courses are subject to ongoing legal review, and subscribers receive updates automatically at no extra charge - perfect if you're looking for data protection training now and want to be prepared for the General Data Protection Regulation. Contact us now to find out more.