Here at Vuture, we’re committed to helping our users get GDPR-ready well in advance of its enforcement, which represents a seismic shift in the world of data privacy.
Data protection is more important now than it’s ever been, and with good cause. As we career towards a predominantly digital existence, one that will likely peak when all of human consciousness has been uploaded onto the cloud so we can watch lolcat videos forever, the quantity of personal information being digitally spirited into existence is truly mindboggling.
But how did it come to this? Where did it all begin?
The first ever data protection law – Sweden’s Data Act – was passed nearly 50 years ago, in 1973, and came into effect the following year.
The Swedish Data Protection Authority made it illegal for any person or company to use information systems of any kind to handle personal data without a license. In the late 60s, citizens of the progressive Scandinavian nation had become concerned about the growing use and storage of personal data, and the Data Act was conceived to allay their fears.
Once the EU announced their own Data Protection Directive of 1995 (implemented in 1998), Sweden, like the rest of the European Union, was happy to abide by its updated rules.
Meanwhile, in the USA, a blanket approach to dealing with data protection has been eschewed in favour of state-to-state, industry-to-industry regulation.
Federal provisions exist in sectors such as communications, health, education and finance, but, as most US states generally don’t recognise an individual’s right to privacy, regulation is limited outside of those exceptions and private data is considered fair game to store and use if you’re willing to collect it – even without permission.
In the United Kingdom, on the other hand, the EU’s ’95 directive has been upheld since its inception. Not content to abide by one data protection regulation, the UK also unveiled its own: The Data Protection Act 1998, a “provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.”
And then…nothing.
From the mid-90s to the late 00s, little change came to European laws around sourcing, using and storing private data, despite the global technology boom and the vast increase in the amount of private data flooding onto the internet.
From banking to commerce, communication to entertainment, education to employment – personal data was everywhere, and worryingly under-protected by growingly archaic laws.
In 2009, the European Commission did something about it. The EU instigated a public consultation on data protection, resulting in the decision to act. By 2012, proposals were published for an all-new regulation: the GDPR.
EU approval was granted in 2014, and in 2016 the GDPR was officially adopted by the Council of the EU and the European Parliament – due to come into force in May 2018 after a two-year grace period, 20 years after the enforcement of the Data Protection Directive.
Which brings us to today: 10 months from a monumental change in the way businesses throughout the world will have to operate.
Despite the US’s historically dissimilar data protection methodologies, organisations on the west side of the Atlantic must also abide by the GDPR’s rules in relation to EU companies or nationals whose data they use, store or share in any way. US firms, like all others outside of the EU, must be GDPR-ready if they have clients or contacts in the Union.
Becoming compliant is no easy task. There is much work to be done, and both time and expense will need to be spared to complete it.
If you feel like you’re behind the curve, it’s not too late to get up to speed.
Talk to us today about your GDPR goals or fears, and we’ll show you how you can get compliant using best practices before the regulation hits.
If you’re keen to learn more about the history of data protection, check out our GDPR Timeline. It also contains links to a range of helpful resources that will help you with the transition.
By Adam Deakin, July 2017