The GDPR (General Data Protection Regulation) is an EU regulation that will come into effect on the 25th May 2018, this means that the UK Parliament is not involved in whether this regulation is to pass. Although what exactly does it mean for individuals?
The GDPR attempts to give the EU citizens/residents control over their personal data and provide the following things for individuals(in relation to data):
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
The regulation means that companies will have to take more measures in protecting "personal data" inside and outside of the EU. It should allow individuals to more easily access what information companies hold on them and possibly even allow deletion of such data (Right to erasure/forgotton).
So what about after Brexit?
Well, since this regulation will be in effect during the Brexit transition period, it will carry over into UK legislation. From here, the UK can choose to modify or remove it. This does not mean it will not apply to UK companies after Brexit regardless, this is since the legislation applies internationally to all individuals who are part of EU member states and many companies process data from EU citizens/across the EU, however the UK has already stated that it will comply with the GDRP. "to this end, on August 7, 2017, the UK Department of Digital, Culture, Media and Sport (the “DCMS”) published a Statement of Intent, in which it outlined the policy and objectives behind a proposed Data Protection Bill (the “Bill”)".
Critisisms has stated that this may affect smaller businesses as they must take more measures to protect data and are now more likey to be required to hire individuals to make sure that the regulation is followed, inducing more administrative paperwork and costs. As such, many companies may not be adequately ready to meet this regulation in time.
Although, the GDPR can be seen as a step in the right direction to let companies think more seriously of personal data and it's importance.
Extra Links and Sources:
- ICO: Guide to the GDPR
- GDPR and Brexit
- Shearman GDPR and Brexit: What to expect in 2018
- TheRegister: EU GDPR. Comply or not
- Wikipedia: General Data Protection Regulation