You may have read about the General Data Protection Regulation (GDPR), which will take effect in May 2018. But now there's a second privacy-related regulation on the horizon. The European Commission presented its formal proposals for the new ePrivacy Regulation on Tuesday 10th January.
Since the last ePrivacy Directive was created, back in 2002, there's been an explosion in the worlds of digital technology and data. So the new Regulation is much needed to catch up with all the changes we've seen and provide a sound framework for privacy in the future.
A few highlights of the ePrivacy Regulation
ePrivacy will be a Regulation and not a Directive. Therefore it will be adopted in full across all EU member states and not adapted to suit each country, as has happened in the past for EU Directives.
Its broad scope covers the processing of electronic communications data, regardless of whether that processing takes place within the EU or elsewhere. It applies to OTT (Over The Top) service providers such as:
- Facebook Messenger
- VoIP (Voice Over IP) service providers such as Skype and Viber.
These digital providers will in the future be bound by the same laws as more traditional providers, which have for a long time been regulated for telephone calls, email communications and SMS messages. As with the current ePrivacy Directive, whenever electronic communications are used for direct marketing purposes via email, SMS or telephone, prior consent must be obtained. It's good to see that the so-called 'soft opt-in' will remain, although potentially with some limitations.
Under the ePrivacy Regulation there would not be a requirement to gain prior consent if cookies are just being used for configuration purposes - such as keeping a website stable when items are in a shopping basket, or for first party tracking.
But what about the General Data Protection Regulation (GDPR)?
Despite all the changes coming with Brexit, the UK Government has recently confirmed that the GDPR will be implemented in the UK as planned on 25th May 2018.
A recent survey by Symantec of 900 businesses across the UK, Germany and France found that more than 90% of responders didn't fully understand GDPR. It's evident that many organisations need to get themselves up to speed very quickly!
GDPR will affect how organisations collect, process and share data. The regulation enhances individual rights as well as introducing new requirements, such as:
- A higher bar for consent
- New requirements for profiling
- New liabilities for data processors
- Data portability
- Data protection officers
- Data protection impact assessments
- Notification of data breaches
- Much higher fines and penalties.
Would GDPR training benefit you?
If you're not up to speed with GDPR yet and how it will affect your business, perhaps you should consider our specialist training course. Take a look at the course here. Alternatively, get qualified in data protection with our online award.