If there’s one thing that seems to be getting almost as much media coverage as today’s eclipse, it’s the General Data Protection Regulation (GDPR). Yeah, we know: what a gloomy subject -- no pun intended.
Well, here are five tidbits you may not know about the GDPR and related matters. These gleanings are from reports published over the past few days. Pass these on to your lawyers, even if you’re not active overseas: You never know.
1. The EU Offers One-Stop Privacy Shipping —The EU is funding an open-source service called PlusPrivacy, which allows consumers to manage their privacy settings in one place. “There’s also a ‘single-click privacy’ which automatically sets all your accounts to the most ‘privacy-friendly values,” writes The Next Web. But here’s the tradeoff: “’Privacy-for-Benefit” is still being developed, but the plan is to create new business models that will allow users to partially trade their private data for “economic benefits” — which could be the first step towards personal data as currency.
2. Brexit Won’t Affect UK GDPR Compliance — Many things will change when Brexit takes effect. But the impact of the GDPR isn’t one of them. Oliver Pinson-Roxburgh, EMEA director at Alert Logic, cautions that GDPR will be assumed into UK law, according to Huffington Post.
3. Neither Will Swiss Law — Don’t think you can evade GDPR by emailing in Switzerland. The Swiss Data Protection Act (FADP) states that personal data may not be transferred abroad if that might harm the data subject.
If there’s no law where you are, you can transfer data only if there is a sufficient guarantee, like a contractual agreement, and with the express consent of the consumer, or if in performance of a contract where the data subject is a compelling public interest, like exercising legal rights, or to protect life, according to Lexology.
4. There’s More To Worry About Than GDPR — Companies are focusing so much on privacy that they are ignoring the Criminal Finances Act, which takes effect at the end of next month. According to an announcement by 6CATS International, “organisations will become criminally liable if they facilitate, or fail to prevent, tax evasion by a member of staff or an external agent or supplier.”
Michelle Reilly, CEO of 6CATS International, states that “this should be the priority for all organisations, particularly in industries like recruitment, but we’ve seen relatively few put proper processes in place, which is highly concerning.”
She adds: “The potential punishments include an unlimited fine, reputational damage, the withdrawing of licenses by regulators and even prison sentences in the most extreme cases.”
5. Nobody’s Ready, Anyway — Granted, this contradicts the last finding at least slightly. Only 6% of the UK’s FTSE 350 are “completely prepared for GDPR compliance,” Diginomica reports. The biggest problem? The ability to “entirely delete an individual’s personal data,” Diginomica notes, sourcing the UK government’s annual Cyber Governance Health Check Report. Despite that, there has been an upward trend in preparedness.
Here’s one thing you probably already knew: The GDPR takes effect next May 25.