In-depth

GDPR preparation: 2018 data protection changes

Changes to data protection rules will have major implications for your business

The EU's General Data Protection Regulation (GDPR) has been in force for a year, and it's become increasingly clear that compliance was more about engaging in a process than being entirely ready on 25 May.

Gaps small and large may still exist in companies' data strategies, which should be expected given GDPR presented the biggest ever shakeup to data laws since their conception.


And as we continue in 2019, businesses may find the definition of 'compliance' itself changes as regulators establish different interpretations and nuances in the written law. But underpinning all these elements is a set of age-old data protection principles that ensure good data health and the protection of the privacy rights of consumers, or 'data subjects'.

All organisations, in varying sectors and of varying sizes, must collect and process data in the fairest and most consistent way across the entire European population, as far as GDPR is concerned. User consent must also be obtained in an overt and clear manner for a whole host of data processing activities - from updating customers on future products to using this data for marketing purposes. There are a number of additional rights, such as the right to be forgotten and subject access requests (SARs) that businesses must comply with.


GDPR outlines that data subjects can themselves indicate how much and how intimately organisations can keep their information, and for how long, as well as retaining the right to know what it's used for prior to giving consent.


It's actually the first change to data regulations in the UK since the Data Protection Act 1998 made significant improvements to the UK's legislation. Previously, UK law was regulated by the EU's own Data Protection Directive 1995.

Read on to understand the key aspects of GDPR you must comply with, and read to page three to find out where you are on our GDPR preparation timeline.


Why is GDPR necessary?

Our personal data is online everywhere, despite our efforts to protect it from being freely available. Bank details, our address, even our mother's maiden name or the answers to security questions only we should know are shared with an array of online services, whether we're completing a one-off transaction or offering such information to social networks when we sign up to keep in contact with old friends.


But what happens to that data once the transaction has been approved by our bank or an account has been created? One key concern is that it will be reused or distributed to others in exchange for money, and this is why the GDPR guidelines have been introduced: to give EU citizens more transparency about how their data is being used.

Businesses are concerned that ensuring they comply with the guidelines will cost a lot of money, despite the GDPR making it easier for firms to ensure they're in line with the law. It may seem like a lot of effort to make sure your business is adhering, but by doing so, you're reducing the likelihood of your company falling victim to a large-scale data loss crime, which is as beneficial for your organisation as it is for your customers.


The primary purpose of GDPR is to ensure personal data "can only be gathered legally, under strict conditions, for a legitimate purpose". This comprises a long list of responsibilities and understandings, such as the ability for residents to request that their data be removed from a database and the requirement that data breaches are reported to the ICO as soon as they occur. Failure to comply can lead to huge financial penalties, so it isn't something you can ignore.

The Brexit (non)-issue

GDPR doesn't only apply to UK companies while Britain remains a part of the EU. That's because GDPR isn't dependent on whether or not a company is based in a member state. The legislation applies to any organisation processing or using EU residents' personal data.


So any organisations that held off updating their data protection procedures to comply with the rules were just making the task more difficult for themselves. Equally, those who spent lots of money and time on their GDPR preparation can reassure themselves that it wasn't all wasted.

Those few organisations that don't process EU residents' information still have to comply with GDPR in the longer term.

This is because the UK government has effectively replicated the vast majority of GDPR rules under the Data Protection Act of 2018.

Measures including much tougher fines for organisations misusing data - up to £17 million or 4% of global turnover - as well as removing companies' reliance on opt-out boxes to use people's data, are included in the Act. This means UK law now looks very similar to that of the EU.

This is vital to the UK's future economic relationship with the EU, as it will enable the continuous flow of data between the two to carry on uninterrupted, without any need to come up with a new agreement like the EU has with the US to ensure data protection parity.

But there are some key differences between the UK's Data Protection Act and GDPR. One, for instance, prevents data breach victims from allowing independent bodies - such as privacy groups - to take legal action against the organisation at fault on their behalf.
