
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual…the right ‘to be let alone’”.
What is Privacy?
Privacy is the desire and ability to be let alone. When we set about protecting an individual's or a group's privacy, we look to enable them to seclude themselves or keep information about themselves secret, and thereby to determine the way they are perceived or understood publicly.
Privacy has been recognised as a fundamental human right and has consequently been provided legal protection in 137 out of 194 countries worldwide.
EU Regulation
In EU nations the right to respect for private life and the right to protection of personal data are recognised in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union. However, the existence of these rights is, on its own, insufficient to fully protect individuals in practice.
The General Data Protection Regulation (GDPR) gives these rights practical, "on the ground" effect by requiring organisations that process the personal data of individuals in the EU to ensure that data protection and respect for individual privacy are reflected at both a technical and an organisational level in their business.
Businesses that take a best practice approach to complying with the GDPR achieve an internationally recognised "gold standard" whilst also improving their business automation, data management, data security and data processing practices. They also improve customer trust and business credibility, and reduce both reputational risk and the existential threat that a failure to comply with legal requirements represents.
At a basic level the GDPR requires you to:
- Implement Data Protection by Design and by Default
- Honour the GDPR principles
- Honour data subjects' rights
- Educate your employees, at all levels, about their rights and the company's obligations
- Implement appropriate technical and organisational data protection measures
- Have a justifiable, lawful basis for all data processing
- Conduct cross-border transfers securely, with appropriate safeguards
- Keep appropriate records of processing
- Create and maintain a privacy notice
- Appoint a Data Protection Officer (DPO) where the GDPR requires one
- Notify the relevant supervisory authority (the ICO in the UK) of reportable personal data breaches, and affected individuals where required
- Consider aligning with ISO/IEC 27701 (privacy information management); this is not a GDPR requirement, but it is a recognised way to evidence accountability
At AIPRIVSEC we believe that striving to achieve a best practice approach to these mandates allows you to realise the benefits that achieving the “gold standard” set by the GDPR can provide to your business.
To learn more about how we can help you to become and stay GDPR compliant or gain access to our GDPR white paper click here.
UK Regulation
The current regulatory position in the UK is set by the Data Protection Act 2018 (DPA18) together with the UK GDPR, the version of the GDPR retained in UK law after the UK left the EU. As such it is currently mandatory for all UK companies, and for any company handling the personal data of individuals in the UK or the EU, to implement the requirements set by the GDPR in their business.
The DPA18 makes very few changes to the GDPR. As a result, the European Commission has deemed the UK's data protection and privacy regime "adequate", so that personal data can continue to flow between the EU and the UK without companies needing to put additional transfer safeguards in place.
However, reflecting the UK parliament's current desire to distance itself from the EU following Brexit, new and substantially different data protection and privacy legislation has been proposed for the UK: see the Data Protection and Digital Information Bill (No.2). This Bill would introduce significant changes to the GDPR as it applies in UK law, and thus puts the UK's adequacy decision at risk.
As such, business preparedness for a "no UK adequacy" situation is strongly recommended. To understand how AIPRIVSEC can help you achieve this, click here. For access to our white paper on the GDPR, click here.
Data Protection and Digital Information Bill (No.2) (DPDI2)
The new and fast-progressing DPDI2 seeks to retain the core elements of the GDPR (for example, the principles) while departing from it radically in other areas, with the aim of simplifying data privacy and protection for businesses and reducing the burden that implementation places on them.
Once the DPDI2 comes into effect, all UK businesses will need to abide by it. Key changes that would be introduced by the DPDI2 fall into the following categories:
- Legitimate Interest
- Anonymisation
- Records of Processing
- Technical and Organisational Measures
- Data Protection Impact Assessments
- Data Subject Rights
- Direct Marketing Restrictions
- Targeted Advertising
- Automated Decision-making and AI
- International Transfers
- PECR and Cookies
- DPO/Appointed Representatives
- Reforming the ICO
- Research
- And more…
The changes introduced by the DPDI2 are extensive and aimed at improving the experience of businesses implementing and maintaining data protection and data privacy. If it is successfully passed into law, it will present companies with opportunities to reduce costs and to take advantage of new leniencies and greater scope for processing. In turn, this may give prepared companies a competitive advantage. Overall, preparedness for the DPDI2 is now desirable.
If you are interested in getting prepared for the DPDI2 and want access to our white paper on it, get in touch by clicking here.