Wright Hassall took part in the ICO’s EU Reform workshop in London on 26 January 2016; the workshop was to bring together different sectors’ professionals’, government bodies and privacy experts to explore the ICO’s approach to the reform of data protection.
Wright Hassall was pleased to attend and represent our clients and ourselves as a legal firm affected by the reform. We want to continue to be involved in engaging the ICO and help in any way to help them develop their strategy towards the new EU reform.
The new EU Reform impacts clients across all sectors: the private sector (Data Processors), public sector, sport, housing, care, health, education and charities. This is an important time for data privacy as it is the first major reform in over 20 years.
There were many outcomes from the workshop, however the overarching message that came loud and clear was the Regulator wanted to engage and gather views, ideas and suggestions to help them, support citizens, data controllers and data processors manage and understand the Data Protection Reform. Read more on what the changes look like here.
Christopher Graham, Information Commissioner said “"Move on nothing to see here" is no longer the case, this is just the start to how we comply with the EU General Data Protection Regulation. We (the ICO) with you can do this and today is the start of the process. We need to do this together and we need to get it right. To see many representatives here today is a positive step forward”.
Paula Tighe, Director Information Governance – “The main message I want to share is there is nothing to be scared about as a data controller, processor or citizen. If, as a controller or processor, you collect, use, share, store and secure personal information and you inform your customers and collect the right consent at the right time and you have a robust Information Governance and people development system you are on the starting blocks.
If you have identified your current controls, gaps and risks and have set about creating and managing a clear set of governance controls (policies, procedures and standards) and used these to develop your workforce through behavioural change training systems, again you have a good foundation to start from. The next part stage is to become more aware of the EU Reform and how it will apply to you and the people whose information you collect”.
The Information Commissioner is attending many events talking about the current and founding Data Protection Act 1998 and how the EU Reform will impact organisations and as such how they need to look inside to ensure compliance.
This is important as a recent poll of over 2,000 people showed 78% found keeping their data secure was most important, 80% said it was very important to them that their data was not shared incorrectly and 67% said it was very important that they were given access to their data. One of these people could have been your customer or employee.
Background in brief
After four years of debate, on 15 December 2015 a significant step towards the adoption of the EU data reform package was taken as the institutions of the European Union – the Commission, the Council, and the Parliament agreed the new rules that will be put in place across the EU. The General Data Protection Regulation (“GDPR”) is intended to replace the current Data Protection Directive (95/46/EC) and the Data Protection Act 1998. The aim of the GDPR is to harmonise the current data protection laws in place across the EU member states and the fact that it is a “regulation” instead of a “directive” means it will be directly applicable to all EU member states without a need for national implementing legislation Although minor changes still remain possible this paves the way for the reform package to be formally adopted in early 2016 with the GDPR coming into force two years after with the aim for the final adoption in Spring 2018 (however the end of 2018 may be a more realistic date).