Daily Archives: April 13, 2018

“The legislation is four to five times more complicated than existing law”

The Economist: The joys of data hygieneEurope’s tough new data-protection law. “Complying will be hard for businesses, but it will bring benefits too.”

“The new law was mostly written by privacy-conscious Germans. Consent to collect and process personal data now has to be “unambiguous” and for “specific” purposes, meaning that catch-all clauses hidden in seldom-read terms and conditions, such as “your data will be used to improve our services”, will no longer be sufficient. “Data subjects” can demand a copy of the data held on them (“data portability”), ask for information to be corrected (“right to rectification”), and also request it to be deleted (“right to be forgotten”).

The GDPR is prescriptive about what organisations have to do to comply. They have to appoint a “data-protection officer” (DPO), an ombudsman who reports directly to top management and cannot be penalised for doing his job. They also have to draw up detailed “data-protection impact assessments”, describing how personal data are processed. And they have to put well-defined processes in place to govern the protection of personal data and to notify authorities within 72 hours if there is a breach. Companies that persistently ignore these rules face stiff fines of up to €20m ($25m) or 4% of global annual sales, whichever is greater.

As a result the GDPR ensures that all organisations which collect and keep data will take their use (and abuse) much more seriously”

The GDPR will have effects on my weblog as well. See WordPress.org:

GDPR Compliance Tools in WordPress.

“GDPR compliance is an important consideration for all WordPress websites. The GDPR Compliance team is looking for help to test the privacy tools that are currently being developed in core.
What is GDPR?

GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union. Its primary aim is to give control back to the EU residents over their personal data.

Why the urgency? Although the GDPR was introduced two years ago, it becomes enforceable starting May 25, 2018.”