In 2006, the Council of Europe launched 'Data Protection Day', on 28 January. The date has particular relevance, as it is the date, in 1981, upon which the Council of Europe’s data protection convention, known as “Convention 108” was opened for signature.
This was the first legally binding international instrument in the data protection field. Under this Convention, parties are required to take the necessary steps in their domestic legislation to apply the principles it lays down, to ensure respect in their territory for the fundamental human rights of all individuals, with regards to the processing of personal data, are honoured.
Data Protection Day is now celebrated globally and is called Privacy Day outside Europe.
The European Union has established common rules, which ensure high standards of personal data protection. This year, 'The Year of Data', as we like to refer it, the European data protection rules are undergoing the biggest change since the 1990’s, due to the introduction of the European General Data Protection Regulation (GDPR) in May this year.
People´s personal data is being processed every second – at work, in their relations with public authorities, in the health field, when they buy goods or services, travel or even browse the Internet.
Individuals are generally unfamiliar with the risks related to the protection of their personal data. They are seldom aware of what they can do if they consider that their rights have been breached, or of the role of national data protection agencies. The GDPR regulation will give European citizens, wherever they live in the world, greater rights to their personal data.
The key elements of the new data protection rules are:
- One set of rules across the continent, guaranteeing legal certainty for businesses and the same data protection level across the EU for citizens.
- The same rules apply to all companies offering services in the EU, even if these companies are based outside the EU.
- Stronger and new rights for citizens: including the right to information, access, and the right to be forgotten are strengthened.
- A new right to data portability, which allows citizens the right to move their data from one company to another. This will give companies new business opportunities, where the opportunity to 'switch' is made easier for the consumer.
- Stronger protection against data breaches: a company experiencing a data breach, which put individuals at risk, must notify the data protection authority within 72 hours.
- Rules with teeth and deterrent fines: all data protection authorities will have the power to impose fines for up to EUR 20 million or, in the case of a company, 4% of their worldwide annual turnover.
In the Channel Islands, both Governments have approved new data protection laws, which have been referred to the Privy Council for Royal Assent.
Paul Vane, Deputy Information Commissioner at the Office of The Information Commissioner, Jersey said:
“Data Protection Day is an important day to reflect on the importance of protecting personal data especially when it has been entrusted to others. We all have a responsibility to be respectful of an individual’s data and remain vigilant and proactive about protecting it.
In a global digital economy, strong data protection rules are crucial in ensuring the free flow of data across borders. Where people trust that their personal data is protected, they are more likely to use services and new technologies.”
With just over 100 days left before the application of the new law, please ensure your data and your clients' data is GDPR ready. Importantly, that all your employees are GDPR aware and have had the necessary training to support them in the changes in regulations.
Marbral is here to help www.marbraladvisory.com/gdpr
Useful resource https://thinkgdpr.org/overview/ from the Office of The Information Commissioner and The Office of the Data Protection Commissioner.