New EU rules for personal data protection were agreed by the European Commission in Brussels on 14 April 2016.
These rules will become legislation in all member states by May 2018, giving a two year timescale for business and technology suppliers to become compliant.
The statement can be read at:
http://europa.eu/rapid/press-release_STATEMENT-16-1403_en.htm
The new rules will ensure that the fundamental right to personal data protection is guaranteed for all.
Some of the key aspects of these new regulations are:
- Everyone will have a right to have more information on what data on them is stored, and how their data is processed.
- People will have an increased right “to be forgotten” and data in search engine results to be removed.
- Everyone will have the right to know as soon as possible if their data has been hacked or disclosed.
- Concept of data portability – making it easier to transfer data between different service providers.
- New technologies and systems will need to provide data protection by design and by default, not as an extra to be requested.
There will also be simplification of the rules – with one set of standards instead of 28.
How will this impact business?
In the short-term most businesses will see no impact for the next 12 months whilst hosting providers, payment service providers and large data technology companies work out the technology implications and start developing their products to meet these requirements.
Towards the end of 2016 and into 2017 key digital players will start producing products that meet these requirements and many businesses will need to be thinking of upgrading any existing digital systems and procedures to cater for the May 2018 deadline.
ExtraDigital have started taking these changes into account with regards to both data handling procedures and new development work.
Our recommendation for clients is:
- To start planning for changes to company procedures for handling data.
- Any new development work to take account of this new regulation.
- Wait for a year before making changes to existing systems – as with time others will have developed update paths to follow.
- Defer changes to digital marketing as long as possible – these new regulations will have a detrimental impact on many of the current allowed marketing practices of targeted advertising.