With the ongoing increase in global digitalisation, very few industries (if any) will escape the impacts of the increasingly digitalised world we inhabit. New technologies continue to emerge, creating a moving landscape that can seem challenging to even the most digitally mature organisations. Consider the hype around the Internet of Things (IoT): the network of devices, such as vehicles and home appliances, that contain electronics, software, actuators and connectivity, allowing these things to connect, interact and exchange data.
The disruptive nature of IoT is set to create data sources and data volumes on unprecedented scales. Experts suggest the Global Data-Sphere will grow from 33 Zettabytes (2018) to around 175 Zettabytes by 2025, with much of the increased data being generated in real time, creating new demands on data processing.
The value creation from the information contained within this deluge of data could be immense, but so could the losses if businesses fail to properly understand their legal and regulatory obligations and make sure they have the correct systems, procedures and policies in place to utilise this data in accordance with the law.
Understanding the implications of the introduction of the GDPR, implemented in this country through the Data Protection Act 2018 (DPA 2018), is the first step that any business controlling and/or processing data needs to take. Ignorance and lack of understanding are no defence to breaching the legislation. The DPA 2018 applies to all companies processing the personal data of EU subjects and therefore applies regardless of the registered location or place of operation of your business, in circumstances where the data of EU subjects is being collected and processed. With fines of up to 4% of global annual turnover or £20 million (whichever is the higher), your business simply cannot afford to fail to recognise the need for compliance. This is especially important in an environment where consumers have never been so well informed of their rights, and thus the reputational damage of data breaches could well surpass the hefty fines handed down by the Information Commissioner's Office.
It is also important to note that a second legal framework is on its way that will supplement the provisions of the GDPR by creating provisions intended to guard the privacy of individuals in relation to personal data gathered and processed via electronic communications. Originally intended for introduction alongside the GDPR, the new ePrivacy Regulations are still under negotiation, but the aim is that the Regulations will introduce new measures with increased focus on 'future proofing' against emerging technologies, for example the increased entry points into people's lives (e.g. via IoT), and on filling the gap relating to modern means of communication (e.g. WhatsApp, Skype). Despite areas of overlap with the GDPR, it will focus specifically on electronic communications, in relation to which it is intended to override the provisions of the GDPR.
Very few businesses operate without communicating with their customers and collecting and storing personal information. In an increasingly digital world, understanding how to do this in a manner that is compliant with the increasing demands of the growing EU data protection framework will not only potentially save you from a hefty fine; it will also enable you to become a trusted business in the eyes of the consumer and to extract the maximum amount of value from the data sourced to further your business goals.
For further advice and information on how we can help you stay on top of your legal and regulatory data compliance, contact Deborah Niven on 07534 903714 or email Deborah.email@example.com.