appeared in Connect Jersey, April 2017
After four long years of political negotiations and lobbying, the EU agreed the wording of the "General Data Protection Regulation" (GDPR) in December 2015. This will impact every entity that holds or uses European personal data both inside and outside Europe. The GDPR will have a profound effect on how personal data is obtained, processed, stored and disposed of when it’s implemented in May 2018.
Significantly, unlike the current regime, the GDPR extends to any organisation located anywhere in the world if your business is offering goods or services into the EU or if you’re capturing personal data on EU citizens, irrespective of whether you’ve a presence in Europe.
Jersey is a trusted location for international data and it’s important that our data protection regulations remain appropriate and robust to remain competitive. The Island has therefore committed to enact equivalent legislation in line with the GDPR to ensure that it maintains its ‘adequacy’ status.
The key changes that GDPR introduces
The GDPR will give individuals an increased level of control over their information. Key issues businesses need to be aware of:
How this impacts your business
You need to understand the type of data that your business is collecting and processing and the associated risks. We advise that you firstly conduct a review over what data is held by your business, including where it’s held and how it’s processed. In fact, PwC’s expertise in this area covers the legal, consulting and assurance aspects of the GDPR, in order to provide a one-stop service relevant to your organisation. Those who consider their future strategic plans when determining their response will benefit most from the new regulations.
The bigger picture
Whilst many individuals freely share personal data on social media, there’s a growing awareness surrounding data privacy, particularly in relation to more valuable data like identity, financial and medical records. Customers expect you to have strong controls and good data hygiene and it only takes one incident to create long-lasting reputational damage. The GDPR will accelerate this movement as individuals gain greater control over their privacy.
The GDPR raises fresh challenges for Jersey, but also provides an opportunity to react effectively and develop it as a competitive strength. An effective response to the GDPR will take time and it’s vital that businesses are engaged and fully prepared.