On the 25th May 2018, the much-discussed General Data Protection Regulation (GDPR) will come into force. In an increasingly data-driven world, the GDPR aims to consolidate privacy regulations across the European Union and give individuals greater control over how their personal information is used, ensuring their privacy and safety are preserved.
However, the implications of GDPR for businesses are considerable. The changes include the introduction of tougher penalties for non-compliance, with fines of up to 4% of an organisation’s annual global turnover or €20 million (whichever is greater). As a result, the pressure is on for organisations to get their data practices in order to ensure they comply, leading to significant challenges from both a Big Data and an IT Security perspective.
It seems that businesses are beginning to wake up to the impact of this challenge, with our latest Tech Cities Job Watch Report highlighting that demand for Big Data professionals has increased by 51.7% in the past year.
What is the GDPR?
The GDPR is a legal framework which will replace the 1998 Data Protection Act. It will be applicable to all organisations that collect and process the personal data of citizens within the European Economic Area (EEA).
The GDPR broadens the definition of personal data even further than existing regulations, meaning that business areas such as IT which have previously been unaffected by data protection regulation will now need to take a closer look at how they handle data to ensure they comply.
A common misconception is that because the UK is preparing to leave the EU, GDPR will no longer apply. Both the government and the Information Commissioner’s Office (ICO) have confirmed that this assumption is incorrect, and that the regulations will continue to be implemented.
How will the GDPR affect my organisation?
The GDPR has many potential consequences, and their impact depends on the organisation and the type of data being processed. Some of the main areas of change are:
- Businesses processing personal data on a large scale will be required to appoint a Data Protection Officer, or someone who will take responsibility for data protection compliance. Across Europe, this could have significant implications, with the International Association of Privacy Professionals suggesting that this requirement will lead to the appointment of approximately 28,000 Data Protection Officers over the next two years.
- Cyber security reporting will become more stringent. Organisations must aim to report notifiable breaches to the ICO within 72 hours. To achieve this, organisations must have the technology, processes and people in place to detect and respond to a data breach.
- Prior to the introduction of the GDPR, many business functions have not had to consider data protection in their day-to-day work. This will shift dramatically from May 2018 onwards, meaning that there is likely to be a requirement for training, to ensure that employees understand the implications for themselves and the business.
- As well as the increased fines that the ICO can impose, the GDPR makes it easier for individuals to make claims against organisations that misuse their personal data.
Many organisations have already begun to prepare themselves for the new legislation, but there is no doubt that it will be a lengthy process. No matter how far along you are in the process, we can help.