Fueled by the technological advancements of recent years, the volume of data produced, processed and shared worldwide, has reached unforeseen proportions. However, these connected phenomena haven’t been adequately reflected in the respective laws which govern data – at least until now.
Introducing major changes to Europe’s privacy laws, a new single data protection act, General Data Protection Regulation (GDPR), will enter into force on May 25, 2018. The Regulation will replace the outdated Data Protection Directive from 1995 and its local versions, making it the biggest reform of privacy legislation for 20 years.
The reforms were designed to harmonize data protection laws across the EU in a way that effectively protects individuals’ privacy in the digital world of today. The changes it will bring following the 2018 deadline will have implications for all businesses of all sizes that handle the personal data of EU residents, regardless of location.
“GDPR WILL EFFECT CHANGE IN THE LIVES OF INDIVIDUALS, GIVING THEM GREATER CONTROL AND RIGHTS OVER THEIR PERSONAL DATA.”
While the Regulation builds on some of the core principles of the current EU data protection regime, the many new concepts it introduces will require clear guidance and often major operational reforms.
This is expected to be the case with the much stricter rules around obtaining and withdrawing individuals’ consent; notification of data breach; mandatory privacy impact assessments, or the requirement for “privacy by design and by default”, to be achieved by transparent processing as well as the encryption or pseudonymization of personal data.
To comply with the new standards, companies will be motivated by the notably higher fines – reaching up to 4% of annual worldwide turnover from the preceding financial year, or 20 million euros (whichever is the greater) – for serious breaches of GDPR principles.
Apart from affecting businesses, GDPR will also effect change in the lives of individuals, giving them greater control and rights over their personal data. As a result of this, individuals will be able to request that businesses delete their no longer necessary or accurate personal data using “the right to be forgotten”.
Other than deleting their information, customers also gain the right to access a readable copy of any data a company has collected about them and can object to their data being processed.
“COMPANIES WILL BE MOTIVATED BY THE NOTABLY HIGHER FINES FOR SERIOUS BREACHES OF GDPR PRINCIPLES.”
Beyond the concrete pros and cons, the reform has potential to bring increased consistency to data protection practices, eliminating problems arising from the existence of different national variations. Businesses and customers affected by GDPR may also benefit from a “one-stop shop” for solutions to their challenges via a single data protection authority.
To learn more about the most important changes introduced by GDPR and their practical implications, read the related whitepaper by ESET or stop by at ESET booth B05, in hall 5, during Mobile World Congress taking place in Barcelona, February 27 – March 2, 2017.