Whether it’s the European Data Protection Regulation or other regulations passed in countries around the world, there are plenty of data protection laws to consider.
And for good reason. Data breaches are becoming more prevalent, while consumers are becoming increasingly concerned about how their data is being used by businesses and governments alike.
To help you stay on top of the data protection and regulation trends to note, I’ve compiled a list of what you need to know.
Let’s start with some basics first. So right now, there are two different sets of data protection laws applying across Europe – one is called “the law” (GDPR), while the other is an older blueprint for how businesses should behave (Directive).
The EU’s GDPR is designed to bring rules for all companies into line with new technology that existed when the existing laws were created.
It will replace the outdated Data Protection Directive, implemented in 1995 before the widespread use of the internet and mobile phones.
The GDPR has been welcomed by many as it gives individuals more control over their data. This is because of new rights, such as transparency on how their data is used and the right to access information held about them. The GDPR also brings in stricter rules on consent.
It states that you will need explicit consent for any use of personal data – so no pre-ticked boxes or default opt-ins anymore.
And if your company collects any sensitive information (known as special category data, including race, religion, sexual orientation, or health), it must be clear what that means for users and why you ask permission to do this with their data. Most importantly, businesses must keep track of all personal data they process under GDPR, allowing customers to demand access at any time – including seeing who has their information on file.
This is very different from the current rules, where data protection authorities can use an informal cooperation process to request this information.
I’ve only just touched on some of the key points here, so if you want a more in-depth guide about what GDPR means for your business, I recommend checking out the Information Commissioner’s Office website.
Also, keep an eye on our blog because we’ve also put together a detailed overview of how GDPR will affect small and medium businesses.
What else should you be aware of?
Well, California recently passed its Consumer Privacy Act, which takes effect from January 1st, 2020. Although not as comprehensive as GDPR, it does give Californians the right to see what personal information companies have stored, demand that they delete their data, and prevent certain types of data from being sold.
For companies with a physical presence in California, the state will hold them accountable for using and protecting their customers’ personal information.
So why are these affecting UK businesses? Well, many will argue that this law goes beyond what’s required by GDPR as it includes specific provisions on things like facial recognition technology, internet-connected toys, or children’s apps.
And just as we saw with the introduction of GDPR last year, UK businesses must adapt to ensure they’re compliant – even if these rules only apply to US citizens.