Naureen Shariff examines the new GDPR Regime
October 19, 2017
In September I was asked to attend and speak at a conference in Orange County, California on the use of Nuix in the cloud. This was part of a wider discussion on cybercrime & security, hacking, data control and development of e-discovery platforms.
Interestingly and perhaps most topically was the discussion on GDPR. This is the new buzzword/hashtag/keyword that is trending amongst lawyers and techies alike.
The General Data Protection Regulation (GDPR) is already in force and will apply from the 25 May 2018. It will overhaul EU data protection legislation.
The reason for the new Regs? The explosion of social media platforms such as Snapchat, Twitter, Instagram, Facebook, LinkedIn and the increasing use of & reliance upon the internet. According to Nuix CTO, Ethan Treese, there are more than 7 billion mobile devices in the world. That is nearly one device for every man, woman and child in the world today. And then there are desktops, intelligent TV’s & watches, the list is endless. Businesses are using these devices to collect data on each of their users. They all need protecting. The GDPR is set to provide that protection for individuals by making it a fundamental human right.
Any individual will have the right to ask a business to state exactly what information it holds on them. The definition of what that includes has expanded to:
‘any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.’
Those holding the information will have to provide a copy of the data, free of charge, in an electronic format.
The reach of GDPR isn’t just confined to the EU. Any company outside of the EU who processes data from or provides goods/ services to anyone within the EU will have to comply.
Failure by companies who do not comply could result in sanctions – fines of up to four percent of worldwide annual turnover, or €20m, whichever is greater.
It’s easy to see why lawyers around the world are all a flutter about the new Regs. More rules, more compliance issues, more complicated legislation to navigate and bigger fines.