Posted by Robert Half on 11 June 2015
When the current Data Protection Act was drafted back in the 1998, it was the time of Tamogotchis, VHS and Windows 95. Most people had never even dreamt of a smartphone and nor had they yet mastered the art of conversing entirely in abbreviations. Back then, no-one could have predicted how massively the internet would impact our society and how it would change the face of not just our personal lives but also global business. The rapid change of technology and the rise of cybersecurity means that the Data Protection Act is now, in need of change.
In today's world of e-commerce, social networking, online banking, gaming and cloud computing, the implications on data sharing and as a result, cybersecurity concerns are monumentally huge. Personal data is collected and stored in every transaction we find ourselves in – whether it's sharing a social media update or transferring money, and thanks to cloud computing that data is transferred globally. It can be stored in one country, processed in another and accessed across the world.
Time for a European consensus
Technological advances aren't the only issue for regulators. The UK Data Protection Act update is expected to modernise existing rules and create a more harmonised regime across Europe. Despite extensive delays, at the end of 2014, 16 countries including the UK, France and Germany had called for the new regulation to be adopted by European legislators in 2015. For businesses, this highlights the need to be ready for change and the need to have skilled technology professionals in place help solve and implement these changes for companies.
The business impact
The new regulation will place greater responsibility on businesses to implement cybersecurity, meaning protecting personal data, removing the concept of implied consent for data transfer and making it easier for consumers to access their own data. It will also provide consumers with a 'right to be forgotten', forcing businesses to delete data that is not required for legitimate reasons. The legislative changes will be accompanied by a beefing up of regulators, strengthening data protection authorities to allow for better enforcement.
The tidal wave of changes are monumental and they are coming in fast. With such a short lead time, if businesses fail to prepare now, they may risk suffering fines for failing to comply when the enforcement period begins.
Preparing for the data protection change
Exactly how the new Data Protection rules will look is still being decided but the general gist is unlikely to change. Technologies develop so fast there are concerns that the new legislation will be out of date before the ink's dry, but the onus is nevertheless upon businesses to ensure they are updating their own standards. Not only is the Data Protection Act a concern, but cybersecurity challenges are also an issue due to the constant advancements of technology and the internet.
Businesses must start preparing now by reviewing their current data standards, assessing whether they are in line with industry expectations and consumer trends. From there, companies can decide whether they have the right infrastructure and policies in place, a culture of IT security at work, and are able to recruit specialist IT professionals to advise, implement and maintain data protection standards and cybersecurity concerns.