Since the 1980s, the rise of the Internet, combined with widespread technological advancements, has led to a massive increase in the amount of data being stored, processed and transmitted between businesses. Essentially, this means that the Data Protection Act is no longer fit for purpose, nor provides adequate protection for people (‘data subjects’).
The corresponding surge in cybercrime and the ever-increasing value of an individual’s personal data for marketing use has led to data protection becoming a major hot topic in the legal and business world. Following four years of high profile negotiations, the General Data Protection Regulation (GDPR) was adopted by the European Union at the end of April 2016.
With a two-year bedding in period, the regulation will automatically become law in all EU member states in May 2018, by which time businesses will need to comply with the new rules.
When it comes into force, the GDPR will supersede both the UK Data Protection Act 1998 and the EU Data Protection Directive of 1995.
The clock is ticking towards May 2018 regardless of the UK’s decision to exit the EU. At the time of writing, the UK has still not given notice under article 50 of the Treaty on the European Union.
This means the GDPR will automatically become UK law before the end of the subsequent two year negotiation period regarding the UK’s EU withdrawal. According to experts, the GDPR is likely to remain in place afterwards, since it also provides a desperately needed and timely improvement on existing data protection law.
“It is critically important that businesses start preparing now for the GDPR as everyone will need to use that lead-in period up to 2018 to properly prepare their business for compliance,” comments Jowanna Conboye, Solicitor specialising in Intellectual Property and Information Technology at Stephens Scown in Cornwall.
“Park owners and operators can really set themselves apart by showing prospective customers how aware they are of the need to protect their information. The advent of the GDPR represents a great opportunity for businesses of all kinds to get their house in order.” “These new rules send out a clear message that every business must take data protection extremely seriously,” says Jowanna. “The data protection rules cover all aspects of data – relating to both customers and employees – and the use that companies make of personal details to build up customer profiles. Privacy and security have become critical issues,” explains Jowanna.
“It’s not just your own company’s website and systems that need to be secure – it has to reach along the chain to any partner businesses, such as website hosting companies and payment processors. Companies need to review all of these arrangements and ensure that the contracts they have in place with partner businesses are robust and that responsibilities and liabilities are clear.” Despite the transition period of the next two years, it’s crucial that park owners and operators, and their related businesses, start preparing now for the enhanced legislation to ensure they are not caught short when the rules come into force. Ideally, businesses should conduct a full Data Protection Audit of their processes and systems.
To read more on this story, subscribe here.