Were you ready for the new data regulations? Are you still struggling to comply?
Listen to what she had to say when the GDPR came into force on the 25th May 2018. Her message is simple and reassuring for those businesses that weren’t ready for the deadline. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO will enforce the GDPR. Watch the message from the Commissioner here.
It is our job to make sure we know exactly what is happening in the world of data protection so we can keep our customers informed and there are still changes ahead on the data protection horizon. We have been taking a look at the GDPR news headlines with great interest and it didn’t take long before complaints were filed against technology’s biggest names.
The BBC reported…
The companies are accused of forcing users to consent to targeted advertising to use the services. An organisation called None Of Your Business (NOYB), which is run by Austrian attorney and privacy advocate Max Schrems, has already lodged complaints against Google and Facebook, as well as Facebook-owned Instagram and WhatsApp, with four different European authorities. Privacy groupnoyb.euled by activist Max Schrems said people were not being given a ‘free choice’.
The complaints, which are based on the argument that these companies are violating Article 7(4) of the GDPR by forcing users to give consent, are likely the first of many complaints that will be filed to test the GDPR.
Privacy group noyb.eu led by activist Max Schrems said people were not being given a “free choice”.
If the complaints are upheld, the websites may be forced to change how they operate, and they could be fined.
(Ed: Links to BBC.CO.UK News Article)
A service used to identify and contact website owners has been forced to strip out information on its site to comply with the EU’s GDPR legislation.
‘Whois’ is often used by journalists and police to make quick checks into the legitimacy of websites. It no longer shows contact names, email addresses or phone numbers. Icann, the owner of Whois, had asked for more time to comply with GDPR despite having had years to prepare. The request was turned down.
(Ed: Links to BBC.CO.UK News Article)
The Chicago Tribune and LA Times were among those saying they were currently unavailable in most European countries. Meanwhile, complaints were filed against US tech giants within hours of the General Data Protection Regulation (GDPR) taking effect.
GDPR gives EU citizens more rights over how their information is used. It is an effort by EU lawmakers to limit tech firm’s powers. Under the rules, companies working in the EU – or any association or club in the bloc – must show they have a lawful basis for processing personal data or face hefty fines.
(Ed: Links to BBC.CO.UK News Article)
The Express reported…
This bombshell revelation follows an “embarrassing” leak of personal details of hundreds of citizens by the European Commission. This leak would normally constitute a breach of the General Data Protection Regulation (GDPR) if other organisations had done it themselves.
However, a spokesman the commission said, based on “legal reasons”, European institutions are separate from the GDPR. Instead, officials will follow a new law similar to the GDPR but this does not come into effect until autumn.
(Ed: Links to EXPRESS.CO.UK News Article)
Wilbur Ross, US Commerce Secretary, hit back at Brussels’ new data protection laws, GDPR, that came into force last week. He said they will make it harder for American firms and other nations to trade with the EU, and added the US government is “deeply concerned” with the new restrictions.
Despite there being less than a year until the UK is supposed to leave the EU, the new rules which have caused business chaos across the continent will remain as a part of EU law after Brexit. Mr Ross said: “GDPR’s implementation could significantly interrupt transatlantic co-operation and create unnecessary barriers to trade, not only for the US but for everyone outside the EU.”
(Ed: Links to EXPRESS.CO.UK News Article)
My thoughts on the NOYB case have been well documented over business and social media networks these past weeks (If you have not caught up, please subscribe to our LinkedIn, Twitter and Facebook feeds). The summary of this case will stretch long into 2019 and probably 2020. Considering the previous case lodged against Facebook by Mr Schrems in the Republic of Ireland, which is now being referred for clarification to the European Courts of Justice, it could still have a wider effect on the US Privacy Shield and its incompatibility with the GDPR. Read our previous relevant article.
This links to statements made by Wilbur Ross in the past week, as the US Government have known about GDPR law just as long as everybody else. So invoking a trade war based upon a lack of comprehension of this regulation is a poor excuse.
As we passed the GDPR enforcement deadline on the 25th May 2018, the UK Data Protection Act 2018 was given royal assent and passed into law, along with it the required articles of law covering the GDPR, yet we noted the lack of clear reporting from the news media.
Yes, we all know that GDPR has dominated the internet headlines (and your mailbox), but hardly a murmur about the new DPA2018 (which we will follow up next week). But this is no Y2K issue, the GDPR is upon us with enforcement now live across Europe.
Whilst it is no longer big headline-grabbing news, statistics quoted this last week are stating that only 38% of businesses are prepared for the GDPR across Europe and only 3% of those claim to be fully compliant. Is there any such thing as fully GDPR compliant?
Australia appears to have just woken up to the news that they may need to know about GDPR. The USA thinks GDPR is a barrier to trade and some US newspapers have blocked EU citizens from accessing their news publications online.
What is certain, is that many organisations have ignored the enforcement deadline. Although a few of the supervisory authorities like the UK’s ICO and France’s CNIL, may show leniency during the grace period, they will not ignore inactivity of a business failing to act upon the new data protection laws.
(Ed: Links to beinfoready.co.uk News Article)
If your answer to any of these questions is “NO”, then we are here to help you, train you, train your members of staff in how to protect your business. Practical training, using real-world examples, not legal jargon.
Author: Adrian McGarry
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (0)