Most of us by now will have heard of the General Data Protection Regulation (GDPR), and most of us will already be preparing for when it comes into force in May 2018. It is widely regarded as being one of the most significant regulations to come out of Brussels for years and it will affect all of us – as individuals, as digital vendors and as digital leaders.
The regulation is designed to harmonise data protection law across Europe, and make the law more relevant to our digital age. It will apply to any organisation which is doing business within, or with, Europe. Compliance with the new law will be critical, given that the penalties for breaching the regulation will be substantially higher than now.
Brexit doesn’t give us a “get out of jail free” card. Our government has already been very clear that it wants the UK to be “the safest place in the world to go online”. Not only will GDPR come into force next year; once we have exited the EU, we will also need to at least mirror the GDPR. In a recent review of the UK’s Cyber Security Strategy, which looked at how good cyber security practice could be incentivised, Matt Hancock concluded that no further cyber security regulation was necessary, given GDPR.
Am I bothered? Yes, I am. I cannot overstate the importance of being on the front foot for GDPR. If you haven’t already started preparing, start now. Make this a matter of priority, and make this a matter for your Board.
This isn’t a case of “each company for itself”. GDPR compliance will be fundamental to the health of the UK’s digital economy, now, and in the future. It would be irresponsible and very risky to ignore it and hope that it goes away, because it won’t.
The Information Commissioner’s Office is now posting guidance on how organisations should prepare, and I’m also delighted to introduce a very helpful White Paper from Mark Bailey, a highly experienced technology lawyer and Partner at Charles Russell Speechlys. The paper takes a very practical approach to ensuring GDPR compliance when buying cloud services: showing what to look for, highlighting the legal pitfalls if personal data is taken off-shore, and explaining how those pitfalls can be avoided.
I hope you find it as helpful as I did!