Could UK’s Planned GDPR Implementation Signal Global Trend?
Earlier this week, the UK Government announced its plans to introduce new legislation that will give citizens greater control of their personal data. The legislation will expand on existing law that allows people ‘the right to be forgotten’ which (mostly) applies to internet search engines. Outside of public, scientific and historic interest, the new regulation potentially gives people the right to ensure all businesses delete their personal data if requested.
The proposals outline several key areas in which data regulation will change. Broadly speaking, these are:
- Allowing for simpler withdrawal of consent for companies holding personal data
- Allowing people to ask for their data to be deleted
- Requiring explicit consent in cases of sensitive personal data
- Expands the definition of personal data to include cookies, IP address and DNA
The legislation, which is widely interpreted as an implementation of the EU’s incoming General Data Protection Regulation (GDPR), is designed to align the UK’s data regulation with the EU’s, following the former’s scheduled departure from the European Union.
Although the impact on businesses is still being debated, with companies facing fines for non-compliance, the legislation will result in businesses having to be more accountable for their handling of customer data.
As such, service providers will need to ensure they adjust the way to respond to customers’ data requests, but more importantly, ensure they have systems in place for appropriately storing and making use of data. With GDPR coming into effect in May 2018, non-European service providers operating in other EU Member States will have to make similar adjustments.
According to the EU-wide regulation, personal data can only be transferred to countries outside of Europe where an adequate level of protection is guaranteed. As such, the impact of GDPR is likely to be felt well beyond the borders of Europe; non-EU service providers that operate in European markets are also likely to be affected by GDPR.
The issue of GDPR compliance fits into broader issue of how companies store and use personal data following dozens of high-profile data breaches in recent years. With consumers increasingly aware of the value of personal data, brands are having to demonstrate to their customers that they are handling their data responsibly.
With GDPR coming into effect in May 2018, many global service providers are now confronting a crossroads with how they handle customer data. Regardless of whether companies operate outside of the EU, those that choose to adopt stronger data privacy measures will inevitably seek to market themselves as more reliable and trustworthy than their competitors.
Companies seeking to implement stronger data protection measures can do so with relative ease by adopting third party identity solutions designed with this principle in mind. Mobile Connect, with its privacy promise through the “privacy by design” principle that guarantees users control over which companies they share their data with along with what data is shared, is one such solution. For more information on how Mobile Connect can be used to service your business, please visit https://mobileconnect.io/business/Back