The biggest overhaul of data privacy regulation in the history of the internet comes into force one month from today.
From May 25 in the EU, the new General Data Protection Regulation (GDPR) will give regulators greater power to levy large fines on firms who mishandle data, as well as hand users new powers to access and control their data.
The new laws also strengthen the jurisdiction of EU regulators, with the new rules applying to all companies and data controllers who handle the data of EU citizens, regardless of where the company itself is based.
Technology and internet giants such as Google, Facebook and Apple will also face greater accountability under the laws – which require firms to report any data breaches likely to “risk the rights and freedoms of individuals” within 72 hours of first becoming aware of them.
The fines for violating the new rules are also significantly larger, with regulators able to impose penalties of up to 4% of annual global turnover or 20 million euro, whichever is greater.
It means multibillion-dollar companies such as the US tech giants could face unprecedented financial penalties.
The regulation is described by the EU as a way to ensure EU citizens’ privacy is protected in an “increasingly data-driven world”.
For users, the new regulation enshrines the right to access their data, including details on what data is being collected and for what purpose.
Many firms, including Facebook and Twitter, have already begun updating their privacy policies in order to meet these new transparency rules, and make it easier for users to see how their data is processed.
The right to be forgotten is also part of the regulation, entitling users to have a data controller erase their personal data upon the user’s withdrawing of consent.
However, there have been warnings about the readiness of smaller companies also expected to comply with the new rules.
Mike Cherry, national chairman of the Federation of Small Businesses (FSB), said some smaller firms may not be compliant by May 25 and has called on the Information Commissioner’s Office (ICO) to be understanding in its enforcement of the new laws in the UK.
“As the GDPR deadline swiftly approaches, there is a real danger that many small businesses are yet to have adequately prepared for the changes,” he said.
“Fortunately, for these businesses, there is still time on the clock to start, or finish, their preparations.
“The GDPR is the largest shakeup of data protection laws for years, and whether you are a personal trainer or a consultant, most businesses will have to implement changes to their current practices to make sure they are complying with the new rules.
“Given the extent and the breadth of the changes, it is clear that a majority of small businesses will not be fully compliant before May 25 and will most likely not be compliant when the changes hit.
“With this in mind, it is critical that the ICO manages non-compliance in a light touch manner with the focus being on education and support, not punishment.”