The General Data Protection Regulation (GDPR) comes into force next month but what is it and why is it being implemented?
The GDPR was developed by the European Union over a four-year period to serve as a legislative solution to issues regarding data protection in the present day. Currently, laws regarding data protection in the United Kingdom are based on the Data Protection Act of 1998 - an update of the 1995 EU Data Protection Directive - which itself was designed to handle security issues as understood by lawmakers and programming experts in the years leading up to the millennium.
An ever-changing online world
In today's ever-evolving digital environment, the protection of personal data has become more critical than ever. As data breaches occur with greater frequency, the cyber-security standards that were put into law 20 years ago are no longer enough to protect the information of businesses and customers that interact online. The larger the database, the graver the consequences of a breach for parties at both ends.
The GDPR is intended to solve security issues that have emerged over the past two decades since the development of cloud technology and its impact on data security the regulations are designed to protect customer data in the new digital environment. In an age where companies like Facebook and Google share the personal data of account holders in exchange for site access and features, the GDPR seeks to return more control of the situation back to the user.
The other reason for the GDPR is to establish a clear-cut set of regulations under which businesses can operate in regards to the handling of customer data. With these new rules, the boundaries would be easier to understand on both the corporate and consumer end, which would make it easier for businesses to earn and hold the trust of customers.
The law will also offer more power to citizens in regards to what companies can do with private data. While the new law will be beneficial on all sides, the GDPR has been designed to protect consumers.
With the laws on data protection more clearly defined throughout the EU, the GDPR could save the European business economy roughly €2.3 billion a year. That saving, in turn, could be passed onto consumers.
Into the Unknown
It remains to be seen just how immediate the new regulations will be implemented across the board. Despite the fact that most IT security professionals have acknowledged the scope of the GDPR, less than half of them have readied their systems for the new law.
For thousands of companies worldwide, the new law has led to widespread adoption of best-practice standards such as ISO 27001:2013.
Check out the resource pages on our website for more information including blogs, webinars and further guidance.