You just can’t escape privacy at the moment. From Snowden and the NSA, to Facebook and Max Schrems single-handedly bringing down safe-harbour; from high-profile celebrity super injunctions through to front-page reports of high-profile data breaches. Rapid advancements in new technology connect us in a way that we’ve never been connected before – we live in an always-on, on-demand, 24/7 global society – whatever you want, whenever you want it, wherever you are. Rob from Fieldfisher tells us why it’s not time to panic!
We generate more data than ever before and we entrust more data than ever before to social networks, apps and connected devices – this is the age of big data, and with big data comes great responsibility and that’s what the GDPR is all about – building trust in an era of mistrust – ensuring that those organisations to whom we entrust our data are accountable and transparent, and if not, that we as individuals and regulators have the right to take action against them (including the right to vote with our feet and either take our data somewhere else [the ‘portability right’] or to have it erased [the ‘right to be forgotten’]).
As with all new laws, there are misconceptions about the GDPR, urban myths and scaremongering from lawyers about colossal fines (I’ll come on to this later)! If you’re feeling confused or overwhelmed by it, I’m not surprised. My advice is don’t panic – keep it simple, take it in bite-size chunks and you’ll be OK – here’s why:
The GDPR becomes law on 25 May 2018 – you’ve got two years to:
If you feel like you still need some gentle persuasion as to why you should start thinking about GDPR now, here you go:
But it’s not just about the fines – organisations must provide individuals (and regulators) with more information upfront than ever before – about the types of information they collect about people, what they use it for, who they share it with, how long they keep it for, where it goes in the world; you can’t do this without going back to basics and mapping data-flows end-to-end (and being really critical and honest about what the GDPR means by personal data).
The other thing you should know (and which you’ll hate me for) is that the GDPR isn’t the end of the story, it’s really just the start – detailed guidance will follow (lots of it), so keep an eye out for this – first off the line will be guidance on data protection officers (the good news is, not everybody has to have one!); ‘high-risk’ processing; and the new right to ‘data portability’ (and you thought subject access requests were hard)!
So, don’t panic but whatever you do, don’t do nothing!
Rob is a partner in Fieldfisher’s top-ranked Technology, Outsourcing and Privacy team (and is a self-confessed privacy geek). The Fieldfisher privacy team advises some of the world’s biggest brands on privacy compliance from its UK, European and Silicon Valley offices.