New data law ‘will help consumers reclaim control’
New data regulations to be introduced across the European Union next year are being promoted as if they are profoundly negative, when in fact they will enable consumers to reclaim control over their personal information, according to a leading security expert.
Speaking on a recent visit to Dublin, Paul Ducklin, a senior technologist at the security software and hardware firm Sophos, said discussion around General Data Protection Regulation (GDPR), has tended to focus on issues such as bigger fines for companies, rather than highlighting the benefits for both businesses and the public.
“The GDPR focus is on the data breach side of things and the fines associated with it. The reality is that there are 99 articles or subsections in the legislation, of which only three relate to breaches,” said Mr Ducklin.
“It is hard to fault much of the motivation in GDPR because it specifically says that companies will no longer be able to just collect whatever information they want to use as they see fit. You can’t say I’m collecting data and I might find a use for it in 10 years’ time. There has to be a specific reason why it is being collected and GDPR helps set the guidelines on what is appropriate to collect,” he added.
GDPR is the most comprehensive data protection legislation to be passed in the history of the EU. The regulation governs the privacy practices of any company handling citizens’ data. It also requires that public authorities and certain companies processing personal data on a “large scale” must have an independent data protection officer.
Mr Ducklin said GDPR was very much a case of the EU saying consumers should have more of a say over what happens to their data and questioning why others might want it in the first place.
He also said GDPR, which comes into effect in May 2018, may pose challenges for businesses, but was of benefit because it would force them to take greater care over data.
Mr Ducklin’s comments come as a survey reveals 77 per cent of Irish consumers plan to take advantage of their new rights when GDPR comes into force.
The study of 1,000 adults, commissioned by analytics firm SAS, shows two-thirds of adults welcome the right to access to information stored on them while 66 per cent want the right to erase data.
In addition, 63 per cent want the right to rectify information about them if it is inaccurate or incomplete, with 62 per cent welcoming the right to restrict processing of personal data.
Meanwhile, new research from Baringa Partners reveals companies risk losing up to 55 per cent of customers in the UK if they suffer a significant personal data leak.
Of these, 30 per cent of respondents said they would switch provider immediately upon hearing of a breach.