New EU Data Rules – How It Affects Tech Businesses and Consumer Trust
The role of new EU data rules in building trust in the digital age.
We live in an online and connected society. Digital enabled technologies and innovations such the Internet of Things, health apps, wearables and data analytics are poised to unleash a wave of new goods, services and opportunities.
They promise new solutions to both new and age old problems from public services such as healthcare to buying household products.
Data lies at the heart of this budding revolution. However, the speed and depth of this innovation is also raising thorny challenges.
Issues such as the transparency and trust in organisations, gathering and using data, are coming to the fore in the public debate around the data-driven economy.
High profile data breaches and the inherent complexities of data gathering are increasing citizen concerns and decreasing trust in data use.
In responding to these challenges, European policy-makers have sought to overhaul Europe’s data protection regime.
What The GDPR Sets Out
Over the last four years the EU Member States and institutions have been negotiating a new set of rules for data protection in the EU.
The new General Data Protection Regulations, which is set to come into force in 2018, will determine how tech firms does business, and particularly how they manage, protect and use data in the future.
The new rules will apply to businesses located inside the EU and to any business, which processes European citizens’ data, and offer them goods or services.
Citizens will also have new rights and powers in how they manage and control their data.
The EU’s objectives in the GDPR was to create a global gold standard of protection for citizens and deliver a consistent regulatory framework for industry to help deliver the promise of a Digital Single Market.
The GDPR in practice
The draft GDPR will make significant changes to the existing provisions regarding consent. It will require consent to be specific, informed, unambiguous and freely given in order to be acceptable.
Explicit consent will be necessary where sensitive data is involved but citizens will also have the right to withdraw their consent as easily as they provided it.
Businesses will need to keep detailed internal records of processing and policies in order to demonstrate compliance with the draft GDPR.
They’ll also be required to report serious data breaches asap or within 72 hours of the breach occurring.
Additionally, citizens will have greater rights including the right to request the deletion of personal data and the right to request a copy of their data in a portable and usable format.
As the global economy becomes ever more data driven the significance of these new EU rules cannot be overstated.
There is no doubt, that in the short term, innovative data driven businesses of all sizes will face a challenging time in implementing these new rules.
However, the big test will be whether Europe’s consumers and citizens really do feel better informed and protected as a result of the new rules and whether Europe’s businesses are able to stay at the forefront of digital innovation.