It’s alive! The EU General Data Protection Regulation is coming your way

On Thursday 14th April, the earth moved: the EU General Data Protection Regulation (GDPR) was formally adopted by the European Parliament after four years of negotiations.

The Regulation is the biggest change to data protection law in 20 years. The starting gun will be sounded in May: you will then have two years through to May 2018 during which you will need to prepare for the requirements of the new data protection regime.

The GDPR’s champion in Europe, Jan Albrecht, has published a video “my data, my choice.” It gives a flavour of why the new Regulation is necessary and the principles that underpin it. Data has immense value; it is an asset for organisations, which must still be able to collect, use and share it. At the same time, “…data is a version of you.” It relates directly to the private lives of individuals, who have privacy expectations and much to lose from the accidental or deliberate misuse of their information.

The relationship between individuals and organisations will therefore need to evolve: organisations will need to be clearer on why they need personal information; how they manage it; what they plan to do with it; how they are protecting it and who they share it with. Organisations will need to assess the risks they face and make informed decisions on the resources they will allocate to protect the personal information assets they are responsible for. And individuals will have greater rights to access, correct and manage their personal information.

The Regulation will replace our Data Protection Act 1998 (DPA)… mostly. However, the Regulation does allow for nations to “relax” requirements in a number of important areas, so the UK Government and the ICO will need to agree on their positions (for example, on issues such as exemptions and privacy at work).

What to do next

As ever, the devil will be in the detail – in what the Regulation means in practice for your handling of personal information. This is where Protecture will support organisations to manage the transition from the current law to the new Regulation.

As a starter, the Information Commissioner’s Office (ICO) has set up a new GDPR microsite and published a 12-step guide to preparing for the Regulation.