According to a senior official at the UK's ICO, when reforms to EU data protection laws come into place businesses could be at an advantage if they get data protection right.
Despite concerns surrounding the upcoming reforms to the European Union (EU) data protection laws, businesses in the UK could be at an advantage if they get data protection right, it has been reported.
According to deputy commissioner for policy at the UK's Information Commissioner's Office (ICO) Steve Wood, companies should not consider the General Data Protection Regulation (GDPR) compliance as an unnecessary burden.
In simple terms, as of May 25th 2018, the GDPR will overhaul how businesses process and handle data. Elizabeth Denham, the UK's information commissioner believes that the GDPR will act as a step change for data protection and “an evolution, not a revolution”.
Mr Wood acknowledged that regulation of any kind would have some sort of impact on an organisation’s resources - this is unavoidable, he wrote in a blog on the ICO’s website. However, he did say that the GDPR is no different to any other new legislation. “But thinking about burden indicates the wrong mind-set to preparing for GDPR compliance," he said.
"Whatever the size of your organisation, GDPR is essentially about trust. Building trusted relationships with the public will enable you to sustainably build your use of data and gain more value.”
He believes that when businesses or organisations change their data handling culture, they then derive new value from customer relationships. However, failing to get data protection right is very likely to damage your company's reputation, customer relationships and, in turn, your finances. Businesses that can adapt and demonstrate that they can get data protection right will have a major opportunity and competitive advantage, Mr Wood argues.
The new framework will replace the 1995 data protection directive that current law in the UK is based on. According to the EU’s GDPR website, the legislation aims to harmonise data privacy laws across Europe, while also providing individuals with greater protection and rights.
The reforms come following over four years of discussion and negotiation and were adopted by both the European Parliament and the European Council in April 2016. The measures that are to come into play mean big changes for the public, businesses and bodies that handle personal information.
Within the new legislation, there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. This means that people will soon have easier access to the data companies hold about them, as well as being able to withdraw this access if they wish. A new fines regime will also be introduced and organisations will have a clear responsibility to obtain the consent of people they collect information about.
While the GDPR will certainly demand more from organisations in terms of accountability for their use of personal data, it will enhance the existing rights of individuals. Mr Wood claims that it is simply building on the foundations of the existing Data Protection Act.
He wrote: "Many of the fundamentals remain the same and have been known about for a long time.
“Fairness, transparency, accuracy, security, minimisation and respect for the rights of the individual whose data you want to process – these are all things you should already be doing with data and GDPR seeks only to build on those principles."