Partner Article
The Data Protection Law is changing!
High-speed internet, Smartphones, WI-Fi, IP-connected devices such as printers along with networks and flash storage has changed the business landscape significantly in the last 10 years. This evolution continues to alter the way we work and do business but in doing so we collect, process, store and access vast amounts of data, whether in the office or via a third party provider. Data privacy particularly that of sensitive and private information collected while we go about our business has been under the spot-light in recent years. Major corporate hacking stories have seen customer records breached and sometimes traded on illegal markets. Whistle-blowers like Edward Snowdon have also shown how global government privacy and trust has been compromised as well as mass scale data collection of citizens simply using their phones. Finally, we have recently seen the “Google” - Right to be forgotten law passed which allows individuals the right to have certain historical information erased from internet search engine results. The European Parliament is about to pass a new Directive on Data Privacy this summer with the aim of harmonising the various member EU laws to account for some of the changes noted above which will change the UK Data Protection Act in some quite significant ways and as business owners and executives we need to be aware of these changes. First and foremost, in the area of penalties this revised law will have significant teeth, up to 5% of annual turnover compared with the £500k cap in place today. This change in focus is to designed to force organisations to take sufficient and reasonable steps to secure the information it uses while undergoing business. The law will also make clear that there is to be a shared liability between customers and suppliers, this move is to account for the high degree of third party suppliers such as Cloud providers. One further area under debate currently is known as Mandatory Notification which in draft form places a 24 hour obligation on our organisations to notify the Information Commissioners Office if an organisation suspects they may have been breached or caught up in a breach of a supplier. This element of the law if passed will pre-suppose that continuous self-monitoring is implemented in order to adhere to this measure. Some of the proposed changes are going to transform our traditional views of data protection and how seriously we resource and measure our security control efforts. What are your thoughts on these proposals? Do we feel that they are too stringent, particularly the 24hour notification mandate? Do we feel that we have a threat from hackers within our organisations or do we see this as hype?
This was posted in Bdaily's Members' News section by Dave Lloyd .
Enjoy the read? Get Bdaily delivered.
Sign up to receive our popular morning National email for free.
Our Partners
North East can't be an afterthought in AI future
Understanding the impact of the Procurement Act
Is the UK losing ground in life sciences investment?
Construction workforce growth can't be a quick fix
Why it is time to give care work a makeover
B Corp is a commitment, not a one-time win
Government must get in gear on vehicle transition
Growing a biotech business in the North East
A legacy in stone and spirit
Shaping the future: Your guide to planning reforms
The future direction of expert witness services
Getting people into gear for a workplace return