EU Parliament gets tough on data protection, adopts GDPR
Organizations have two years to fully comply with newly adopted GDPR reforms.
Who's serious about data protection? The EU.
Just a day after the Article 29 Working Party found the Privacy Shield pact inadequate and recommended modifications, the EU Parliament adopted the General Data Protection Regulation (GDPR) meant to govern the way data is protected.
Andrew Dyson, partner and co-chair of DLA Piper's international privacy and data protection practice, said, in comments emailed to SCMagazine.com, that it "will significantly alter the way companies and consumers manage their data."
The regulation gives individuals “new rights to control how organisations use their data," Dyson said. "They will have enhanced entitlement to know more about where and how their personal data files are being used and the ability to block or erase certain types of processing."
Dyson anticipates "innovation in the way privacy policies are presented to consumers, with greater use of profile centres where individuals can dynamically control use of their personal information," contending that "organisations that get this right will quickly build trust with the consumer as well as ensuring compliance with the new regime."
John Giusti, chief regulatory officer of the GSMA, agreed in a release, calling "the introduction of stronger consumer rights and harmonised rules across Europe under the GDPR...fundamental to building trust and driving the uptake of new digital services by citizens across Europe."
But the onus is on organizations to take concrete steps to comply with the GDPR. “Companies will need to invest in enhanced systems and processes to accommodate these new rights and have robust governance in place to manage compliance effectively," said Dyson. "This is especially the case when looking at technologies involving big data analytics, cloud or the internet of things, which rely on the free flow of data to deliver cost savings, deepen customer relationships and drive innovation."
The cost of not falling in line with the new reforms will be prohibitive. “Non-compliance will be painful, as companies are at risk of fines of up to 4% of annual worldwide turnover for poor working practices," said Dyson, adding that "with a two year window to prepare, now is the time for companies to implement the changes needed to ensure the GDPR enables rather than hinders digital growth.”
But European authorities must remain vigilant if the reforms are to stimulate innovation and economic growth. “It is now up to European data privacy regulators to work together to ensure that the GDPR rules are implemented in a way that supports economic growth and improved competitiveness," said Giusti. "Regulators will need to exercise particular care in interpreting GDPR requirements – around consent, profiling, pseudonymous data, privacy impact assessments and transfers of data to third countries – to avoid stifling innovation in the digital and mobile sectors."
Particular attention is expected to be trained on privacy. “All eyes are now on the review of the e-Privacy Directive. The right balance needs to be struck between protecting confidentiality of communications and fostering a market where innovation and investment will flourish," said Giusti. "To this end, the GSMA calls on legislators to address the inconsistencies between the existing e-Privacy Directive 2002/58/EC and the GDPR. Consumers should be able to enjoy consistent privacy standards and experiences, irrespective of the technologies, infrastructure, business models and data flows involved or where a company may be located.”