On May 25, the European Union’s General Data Protection Regulation officially becomes law. The legislation, which lays a new legal framework for managing data within the EU, has grabbed headlines over the last twelve months as businesses, organisations and individuals prepare for life under the bill.
As GDPR prepares to enter into law, Wire brought together leading data security and privacy experts to discuss the challenges and opportunities presented by the legislation. Wire CTO, COO and co-founder, Alan Duric was joined at the company’s Berlin office by Jan Albrecht MEP, Vice Chair of the European Union’s Committee on Civil Liberties and the chief negotiator for GDPR, Justice and Home Affairs, Katharina Miller, President, European Women Lawyers Association, and Dr. Philip Fabinger, Global Privacy Counsel, HERE Technologies.
The panel began by discussing the role of the government legislation in the rapidly changing world that is now being built on the twin pillars of globalization and digitization. Several speakers noted that as organisations find themselves managing increasingly large volumes of data, they do so without the aid of a uniform set of procedures and practices.
As Jan Albrecht explained, while food standards and the sale of dangerous goods have both been closely regulated for some time, lawmakers have been slower to safeguard personal data.
This is where GDPR comes in. The legislation exists to “regulate the realities” by providing a protective framework that regulates the lifeblood of modern industry — data.
Dr. Phillp Fabinger went one step further, arguing that as the world becomes increasingly built on human-machine and machine-machine communication, GDPR will be an important step forward in delivering regulation fit for this new technology economy.
The panel suggested that to some extent, GDPR is experimental by nature, a novel example of how governments can approach new, complicated technological questions and begin to manage appropriately the increasingly interconnected world. In implementing a common standard across Europe, they argued, GDPR brings to bear a law that can be applied an effective, extra-territorial way. This is vital, as Katrina Miller explained, since data protection is a worldwide challenge for businesses, which lends itself to a supranational solution.
In short: when networks and markets are global,
laws must be too.
The panel went on to explain that GDPR is planned to work in two distinct ways:
- first, increasing data protection by directly ensuring compliance through the issuing of financial penalties,
- and second, to hopefully be responsible for sparking a new wave of innovation within businesses by encouraging organisations to streamline data management.
The speakers argued that GDPR would see organisations implement a new baseline standard for data security, with privacy by design and security default set to quickly become par for the course in data management circles. This would in turn have many benefits for the businesses themselves as organisations gain increased insight and control over data.
Alan Duric further reinforced this, concluding the panel by saying that: GDPR is about encouraging change as well as forcing it. It’s the first step in legislating for a digitized, interconnected world where data has leapfrogged the dollar as the currency of choice.
Business, organisations and individuals are already preparing for change and by all implementing systems built on security and transparency, we can protect data and ensure privacy now and in the future.
Listen to the whole panel session on SoundCloud.
See also:
Eight valuable insights from a discussion panel on opportunities of the GDPR
