LEGAL CORNER: Calling time on Britain's outdated data protection laws
Not everyone gets excited about data protection – until, that is, it comes to light that miscellaneous personal information has been captured and secretively stored, or is being used in an alarming manner.
You may be surprised to learn that the UK’s current electronic information legislation dates back to the last century: the oft-quoted Data Protection Act was passed in 1998, no less than 19 years ago, when the world of electronic data was a very different place.
These days it may seem difficult to believe that in 1998 Amazon and eBay were relatively new start-ups (founded in 1994 and 1995 respectively), that tablet computers were not available to buy on the high street, or that it would be another nine years before we would glimpse an iPhone, the first of which was launched by Steve Jobs in 2007.
It was a far cry, then, from today’s world of global call centres and data storage clouds – clearly, the 1998 legislation was designed against a very different backdrop, and one that feels strangely archaic.
Now though, no matter how Brexit plays out, the UK has no choice but to comply with new pan-European rules being brought in next year by the European Union.
The EU General Data Protection Regulation (GDPR) will apply uniformly across the EU and its introduction is being welcomed by European consumers. GDPR will make it illegal to transfer personal data to a country or territory outside the European Economic Area (EEA), with the exception of a few pre-approved states. Interestingly, so far the USA is not on the non-EEA approved list and, as a consequence, individual American companies will be required instead to certify they comply with an EU-US Privacy Shield agreement.
The GDPR regime also aims to ensure that, throughout Europe, electronic information is held in accordance with eight overriding governing principles. These include a rule that personal data must not be kept any longer than necessary and a requirement that those with access to data must act in accordance with our rights as data subjects.
With fines for non-compliance of up to €20 million or two per cent of world-wide turnover, it is important for UK businesses to take the new GDPR rules seriously and be well-prepared ahead of a May 2018 deadline.
For more details on how the new pan-European data protection laws will affect your business, contact the George Ide team on 01243 786668, or email us at [email protected]
George Ide, LLP
Solicitors of Chichester and Bognor Regis