In this post-referendum, pre-Brexit era, the reach of the European Union can still be felt throughout the land. I’m not stating my position on the in or out campaign but anyone who really knows me would be clear about my views. Instead I wanted to talk about the General Data Protection Regulation or GDPR for those who like their initials.
If you haven’t heard about the regulation, then where have you been? It could turn out to be the single biggest thing to hit ICT for a long time yet for many of us it is slipping under the radar. The GDPR is going to replace the Data Protection Act which arrived in the statute way back in 1988. That was in the last century. Life has changed considerably since then and especially around the way that we store and share data. I’m not sure that I had heard of the internet back in the eighties.
In eighteen months’ time it will become law. Are you ready? There was some thought that, as it is a piece of legislation that emanates from the EU that it may not affect the UK but the government has now made it clear that it will be adopted. Even if they hadn’t it would have been a pre-requisite for trading across the continent and so would have been implemented by default.
As Robert said, GDPR means GDPR.
Apart from the big fines that may be imposed for any breach, the main difference with the new regulation is the right to be forgotten or erasure as it is officially called. The public will have the right to have certain data about them removed from all records. All records that is. This goes along with the right to remove consent even if it was given previously.
To do this assumes that we are able to tell where all of our data is. That in itself is going to be a potential nightmare for us and it is on the back of this amendment alone that I am saying that this could be one of the biggest things to hit ICT for many years.
We have eighteen months.
Thoughts from a Guerrilla Worker 