GDPR vs Brexit: The Fight For Data Protection
23 August 2017 09:37
Brexit was, depending upon your political beliefs, either the proud people of Britain finally shaking themselves free of the shackles of Brussels, ready to stride forward into a new and prosperous dawn, or instead the greatest political hoodwink of the 21st century.
Far be it from us here at usecure to decide which of these is the most apt description of last year’s referendum, but we can say with confidence that those who believed the vote was going to ensure Brussels no longer had a say on the lives of those living and working in Britain might be a little annoyed by the GDPR.
The GDPR – General Data Protection Regulation – is the new EU regulation intended to combine and strengthen data protection within the European Union. Its primary aim is to give citizens more control over their data and how it is used by businesses and organisations. The legislation was adopted in April 2016 and is due to come into effect in May 2018, roughly one year before the UK is due to leave the EU. You would be forgiven for thinking, then, that Britain would only have to suffer one year under its regulatory grasp, but this is not the case.
The GDPR, regardless of whether the UK government intends to include elements of it as part of the Great Repeal Bill, applies not just to any person or organisation within the EU, but to all countries that process or hold the personal data of EU citizens, whether those countries are part of the EU or not. EU citizens whose data is held or processed by organisations in the UK will have eight rights which are either entirely new or strengthened versions of those they already have under the Data Protection Act (DPA). These rights are:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
These eight rights are not insignificant, and neither are the fines facing organisations which do not abide by them: up to €20 million, or 4% of worldwide annual turnover, whichever is higher.
The EU argues that this new legislation is needed to reflect the changing digital landscape where consumers can often be misled into giving away their data, and supporters will say that the decision to take power away from organisations and give it back to the person concerned is proof that the EU has always had the individual’s best interests at heart. But is it also further evidence of the EU forcing its regulations and legislation upon the lives of those who live, and in the UK’s case no longer live, under it? Those who agree with this second statement will see the GDPR as a vindication of the decision to leave, but will likely also take issue with the fact that Britain’s newly found independence is not offering all the freedoms they were promised.