I have read a lot about GDPR in the news lately. What is this and how will it affect me?
The short answer at this stage is: no-one can really say in great detail. GDPR stands for “General Data Protection Regulation”. The rules about how it applies will be looked after by the Information Commissioner’s Office (ICO), from which we all await detailed guidance. The law comes into effect on 25th May 2018.
The GDPR comes from the European Union. Regulations like it have to be brought into English Law in a way that is acceptable not only to the authorities here but also to the authorities in the EU.
Normally the Westminster Parliament passes an Act of Parliament when it wants to give effect to EU laws like this. And there will in due course be an Act of Parliament called the Data Protection Act. This will replace the existing Data Protection Act which dates from 1998.
But the new Act may well not pass into law until 2019, so for the moment we shall all need to rely on what the GDPR actually says and how the ICO interprets it.
When the GDPR was first up for discussion – several years ago now – our ex-Prime Minister David Cameron remarked that as an idea it was “demented” and that it would greatly hinder the digital economy.
But as it happens, the new law seems to have caught the mood of the times: there now appears to be a great deal of interest in, and worry about, personal data, access to data, how data is kept, how it is passed on and so on. These concerns appear to have arisen or grown due to very well-publicised matters like the Cambridge Analytica case and the way in which Facebook processes personal data.
In outline, “data processors” – those individuals or organisations who hold or obtain personal data about us – will have to be much more careful in future about what data they seek; how and where they keep it; how long they keep it for; and who, if anyone else, they give it to, among other matters.
It is hoped that it will be more difficult in future for holders of data to pass it on willy-nilly to whoever they choose. Those who have acquired our personal data are to be held more accountable for what they do with it, and the ICO has the power to impose very large fines indeed for data breaches: €20 million or 4% of the turnover of a business, whichever figure is larger.
The fact that the ICO has recruited 500 extra staff to deal with GDPR and other things going forward shows how seriously the powers that be take the issue of the protection and correct use of personal data.
If you want more information, the ICO has a helpline number: 0303 123 1113.