In hopes of protecting the personal information of EU citizens everywhere, the General Data Protection Regulation will come into effect on 25 May 2018, tasking London businesses with the duty of compliance.
While the regulation does replace the 1995 Data Protection Directive, which was considered outdated by many in these technological times, it also leads some to believe reforms could cause for even weaker data protection according to a report by ComputerWorld. The act builds upon the original directive by looking to protect the information of all EU citizens as it extends the reach of the EU data protection law to every foreign company processing EU residents’ data.
The regulation has been a cause for concern, however, because of the strict fines it imposes on any business that is unable to comply. Businesses could be looking at fines up to €20,000,000 or 4% of their global turnover, a hefty chunk of change for a regulation that will inevitably deal with multiple languages across vast distances – not to mention how much data will need to be sifted through considering all the different pieces of information the GDPR classifies as personal data. Examples of personal data include biometric data, genetic characteristics acquired at birth, health data and a classification called “other data” that includes a myriad other qualifiers. A worldwide survey reported on by independent.ie shows just how many businesses fear this change as 47% of the over 900 surveyed feel they will fail to meet the requirements imposed by the GDPR.
If we take a look at London’s top 25 companies as reported by V London City, we can see a number of businesses in the city that will be heavily affected by the change. Barclays, the fourth and oldest entity on the list, deals in investment banking and wholesale crediting, two fields that largely deal with personal information. In 2012, the company had assets totalling 2.4 trillion dollars and in 2014, Barclays had over 130,000 employees, 48 million clients and operated in 50 countries. Fedelma Good, Director of Information Policy at Barclays has clarified that the person Barclays will hold responsible for GDPR compliance will be the Head of Customer & Client Experience for each bank branch.
Insurance company Aviva has already put up a guide on their website to explain how customers can keep their information safe, but has also added that there will be more instruction to come the closer to when the GDPR comes into effect. However, a report by dataiq.co.uk mentions the complexity behind the way the company looks at its customers’ information. Aviva data protection officer Kevin Willis said the company has a “composite strategy” that depends on looking at customers like individuals and not just the products the customers purchase from the company. This will mean many hours of work to comply with the impending regulation as the London-based, multinational company filters through the information of their nearly 13 million customers.
Despite the apprehension by certain companies, it’s not all doom and gloom as some look forward to the change and believe it will bring the protection that the 1995 Data Protection Directive was unable to provide. Brian Hills of The Scotsman writes: “GDPR will be a catalyst for innovation” and goes on to list other positives of the new regulation. Some of the upsides include an increase in customer trust, advancements in organisation and the stimulation of new products and services that will supply the means to remain aligned with the GDPR’s guidelines.
In an interview with Silicon Republic, Canon’s EU director of information security, Quentyn Taylor, expanded on this thought and said the change will be a positive one because it will force the data security industry to focus more on the customer and have a better grasp on the flow of information, making information security improve as a whole.
If you’d like to follow the GDPR, a one-day conference will be held on October 9th in London. The summit is a follow-up to three other conferences and two streams regarding the matter and will strive to questions left unanswered thus far. More information on the event can be located on the summit’s official website, filling you in on admission prices and specific rundowns of the topics being discussed.