2018 is set to be a landmark year for data protection in the UK, across Europe and indeed the world, as the highly anticipated EU General Data Protection Regulation (GDPR), takes effect on 25 May.
GDPR, five years in the making, will take effect in the UK and across Europe in 147 days’ time. It represents the most significant reform in data protection laws in Europe in twenty years with significant new rights for data subjects and new responsibilities for organisations the collect, use and process personal information. At the core of the GDPR reforms is putting the citizen front and centre and giving individuals far greater control over how their information is used.
The tech sector welcomes the opportunity to increase the control individuals have over their personal information. This will be key to creating a culture of data trust and confidence in the UK. Only by creating confidence and trust will UK citizens be able to benefit from the advantages offered by the data revolution. The value of data is expected to be worth £241 billion by 2020, creating thousands of new jobs. However, without public trust and confidence this will not be realised.
New data protection reforms represent an opportunity for every single organisation, across the economy, to take data protection seriously, while also building public trust. As we increasingly live in a modern digital economy and society, where most businesses rely on data and most citizens utilise data-driven services on a daily basis, data protection must be at the core of the way businesses operate.
Additionally, gone are the days where data protection was the responsibility of one department within an organisation. Responsibility for data protection must now be thread throughout an organisation, with employees at every level playing their part. GDPR, with the additional rights and expanded nature, represents a chance for organisations to ensure that all levels take data protection seriously.
It is in organisations’ interest to ensure they are putting data protection at their heart of their processes. Brands that are considered responsible and trustworthy with personal data will increasingly be the ones that customers return to. Significant breaches of data protection will simply serve to damage an organisation’s brand, as has been seen in recent months.
2018 is a year of significant change for data protection. GDPR will set a new standard for data protection across the world. Its influence will not be limited to the EU. This is particularly significant in the context of the UK’s withdrawal from the EU. Organisations should be under no illusions that Brexit will be an end to the GDPR in the UK. GDPR is here and it is here today. The implications of Brexit are significant and complicated. techUK has been clear on a number of occasions that the UK is right to implement and commit to maintaining GDPR as one of the key elements to agreeing mutual adequacy decisions with the EU to ensure that data can continue to flow post-Brexit.
As conversations turn later this year onto the UK’s future relationship with the EU, discussions on data protection will be central. techUK looks forward to ensuring that the UK remains a world-leader in developing high standards of data protection. Whilst today on Data Privacy Day, minds are particularly focused on these issues, they are relevant all year round. The next 147 days will be focused on preparations for GDPR taking effect and organisations will have to dedicate significant time and resource to getting ready for the new law. 25 May 2018 might mark the moment that GDPR comes into effect, but data protection never remains static. This will be an ongoing topic of discussion up to, on, and far beyond 25 May 2018.