Why privacy will soon be everyone’s business
23rd March 2016
TECHNOLOGY and data have played a major part in the success of many of the companies in this year's Ward Hadaway Yorkshire Fastest 50, not least that of the overall fastest growing company, ESP Systex.
A number of other businesses in this year’s rankings also use technology and data to improve or develop new products, to speed-up and automate a range of different services or to explore new business markets.
The systems and processes for the collection, use and protection of individuals’ personal data within businesses are growing in importance year-on-year, whether this data concerns their employees or their customers.
However, major changes are on the horizon that are set to affect how companies exploit technology and data within their businesses.
The changes arise from the introduction of the General Data Protection Regulation (GDPR). This is new European Union legislation that will result in companies having to re-consider how data protection issues effect and are addressed within their businesses.
Getting the correct systems and processes in place requires an upfront investment from businesses, but it is an investment that is essential given the consequences if personal data is stolen or leaked – think of the fallout from events within the last 12 months such as the hackings of the Ashley Madison website or the TalkTalk customer database.
Additionally, the financial penalties applicable under the GDPR for breaches of data protection law would be dramatically higher than under the current regime, with fines running into millions of Euros or based upon a percentage of a company’s worldwide turnover.
For those businesses where technology and data cross over, a significant change will come through the introduction of the concept of “privacy by design and by default”.
This concept will require businesses to implement data protection measures within the design of new products, services or other data processing activities rather than adding on such protections once the products/services/activities have been developed. Furthermore, businesses will be required to perform data protection impact assessments to identify privacy risks in new products/services/activities.
In practice, this means that all businesses at the inception of a new project – e.g. when building a new IT system for storing or accessing personal data; embarking on a data sharing initiative; or using data for new purposes – should consider conducting a privacy impact assessment to record that they have considered the data protection implications of the project and identified any privacy risks that may flow from it.
Whilst complying with these requirements will for most businesses require changes to the way they develop products/services and add additional time/costs at the start of projects, if introduced effectively the changes could benefit businesses by making products/services more effective for their customers and ultimately reduce future development costs (and avoid expensive fines!).
Whilst the new regime will not be fully in force until 2018, many businesses are already taking its implications into account when developing new and existing products/services so as to ensure they will be compliant when the law changes.
In a very real sense, privacy will soon be everyone’s business.
* This article first appeared in the Ward Hadaway Yorkshire Fastest 50 2016 supplement. To read the supplement in full, please click here.
Please note that this briefing is designed to be informative, not advisory and represents our understanding of English law and practice as at the date indicated. We would always recommend that you should seek specific guidance on any particular legal issue.
This page may contain links that direct you to third party websites. We have no control over and are not responsible for the content, use by you or availability of those third party websites, for any products or services you buy through those sites or for the treatment of any personal information you provide to the third party.