The EU General Data Protection Regulation (GDPR) comes into effect in the UK and across Europe on 25 May 2018. Its sister legislation, the Law Enforcement Directive, comes into effect slightly earlier, on the 6 May 2018. Both are currently working their way through Parliament in the Data Protection Bill, and together they represent the most significant reform of data protection laws for twenty years. The Bill will have profound implications for organisations across all sectors that collect and process personal data.
As part of a series of events looking at the impact of the Data Protection Bill, techUK last week hosted a panel event to explore the implications of the Bill on policing and the justice system, and on tech suppliers to that sector.
Jeremy Lilley, techUK’s Policy Manager for Data Protection, chaired the panel of industry leaders, and opened proceedings by providing a bit of context for the discussion, explaining the background of the Bill, its progress through Parliament, and the areas where we are still awaiting guidance.
Chris Pounder, the Director of Amberhawk Training, addressed the Law Enforcement Directive, and provided some crucial clarity on the similarities and differences between GDPR and the Directive.
Freha Arshad, an Information Security Manager with Accenture, spoke about her experiences working in a major Police Force to advise them on compliance. She highlighted the implications both of the Directive on operational matters, and of GDPR on policing as a business (with regards to HR data etc).
Julian Anderson, the Digital Government Sector Lead at Thales e-Security, provided a vendor’s perspective, outlining how information security companies are working with Forces to counter and mitigate breaches. He particularly emphasised the importance of encryption, access management, and strong key protection.
Nick Luscombe and Stefanie Jacobs, both from Microsoft, closed out the panel presentations by explaining how, as a cloud provider and data processor, they are giving Forces the tools they need to do the job while protecting them from non-compliance. They made the important point that compliance is not just a matter of technology, but also one of people and processes.
The panel presentations and subsequent discussion identified several key themes. Primarily, maintaining trust is vitally important, and trust in data may well be the next frontier in the issue of public trust in policing. And it was posited that, given that this is the most significant change in data protection law for a generation, there is a chance that the regulations will be seen, not simply as a compliance issue, but as an opportunity to share and manage data more effectively across the entire justice system.
Members can download the slide deck from the event below.
For more information about techUK’s Data Protection work, please contact Jeremy Lilley.