Following on from my blog post outlining an A-Z of Digital, here is “L is for Legal”.
With the increasing about of things interacting with our daily lives, the area of Legal and Security play a big part.
The most common of these is the Terms and Conditions (T’s and C’s). We are presented with a myriad or applications each with their own T’s and C’s to tick a check box to say we have read them when we install or update them. Most people will just click the box and accept them, but when was the last time you actually read the Terms and Conditions and you have just signed up to clean toilets for a couple of weeks? Makes you wonder what you have actually agreed to in all those T’s and C’s previously accepted!
With further adoption of the as a service economy, it is important to read the T’s and C’s and keep up to date with any changes that are made to them as they are updated. Changes could mean that your data can be used by the provider – e.g. Robot vacuum company mulls selling maps of homes.
One of the next big legal items to come along is GDPR (General Data Protection Regulation);
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) from 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.
GDPR will introduce one of the biggest shakeups of data protection in years. Understanding its impact on your businesses is an important role for legal, IT and the business to ensure compliance going forward when it takes over the current data protection laws on 25 May 2018.
The main points of GDPR cover new rights that need to be considered include:
- Valid consent must be obtained to store data
- Right to be forgotten
- Access to data and sharing and portability of data
- Protection of data by design and default
- Obligation to notify of any breaches
Are you ready for GDPR?
- Whats ahead for security and cloud adoption
- Retail data and the brexit vote
- The impact of GDPR on the Public Sector
- IoT Device Security Considerations and Security Layers