This page contains a Flash digital edition of a book.
The Analysis News & Opinions

Warning issued over new EU data-protection rules

Creditors and the wider industry have been warned that “we are all going to have to change how we think about data protection” as a result of the General Data Protection Regulations (GDPR), as CCRMagazine prepared to host a debate on the subject. Speaking during a lecture for the Institute of Chartered Accountants in England and Wales, information commissioner Elizabeth Denham, said: “We know that the GDPR will need you to make some changes to the way you do things.

“The GDPR is, at root, a modernisation of the law. The world has changed a lot since 1995, not only technology, but business models, people’s attitudes to their data, their demand that their information is properly looked after. The law needed to change too.

“The GDPR gives consumers more control over their data. Consumers and citizens have stronger rights to be informed about how organisations use their personal data. They will have the right to request that personal data be deleted or removed if there is no compelling reason for an organisation to carry on processing it.

“And they will have the brand-new right to data portability: to obtain and port their personal data for their own purposes across different services.”

The GDPR will include new obligations for organisations. Businesses will have to report data breaches that pose a risk to individuals to the Information Commissioner’s Office (ICO), and, in some cases, to the individuals affected. They will have to ensure that specific protections are in place for transferring data to countries that have not been listed by the European Commission as providing adequate protection, such as Japan and India.

Consent will need to be freely given, specific, informed, and unambiguous, and businesses will need to be able to prove they have it if they rely on it for processing data. A pre-ticked box will not be valid consent.

March 2017

Ms Denham added: “So what can you do tomorrow? The ICO’s website has a 12-step plan to help organisations prepare for the GDPR.

“It sets out advice around making sure key decision makers know the law around personal information is changing, documenting the information the business holds, and reviewing privacy notices. “There is advice in there too around a few key areas of change in the GDPR, some of which may be relevant to your clients, such as dealing with subject-access requests, consent for processing and handling children’s data.

“Then, next week, start getting a more detailed understanding of the new law. The ICO has just published an updated overview of the GDPR. It highlights the key themes of the new legislation, pointing to the similarities with the Data Protection Act, and explaining some of the new and different requirements.

“There are sections in there on the principles the act is based on, the new rights enshrined for individuals, and also some detail on the derogations we might see, that allow for different countries to have subtly different laws.

“It will be a living document, with text added on different points as more guidance is produced, so familiarising yourself with it now, and reading the sections most relevant to your work, lays a solid foundation for offering advice around the law.

“And next month, start taking the first steps towards understanding how GDPR expects businesses to put data-protection accountability at the centre of their business processes.”

The comments come as CCRMagazine was preparing to run a new debate, on the new data protection rules, in association with Ardent Credit Services.

Speaking last month, Stephen Kiely, editor of CCRMagazine, said: “With all the talk of Brexit and its impact in the media at the moment, this is a very appropriate time to discuss one of the most significant 9 Elizabeth Denham, information commissioner

subjects for the industry. I think that, for a long time, the industry was slow to catch on to the real importance of what is happening, so now everyone is hurrying to make sure that they are up to date and ready for any eventuality.

“So I am very pleased to be working with Ardent Credit Services to bring together a forums where people will be able to discuss their ideas, as well as to learn from their peers and ask the questions that they want to be answered.”

Potential new data protection legislation has become one of the most important and controversial aspects of the industry, as creditors and collectors work to build a future amidst new rights for consumers such as the ‘right to be forgotten’.

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56