GDPR may not be perfect, but it’s an important milestone in data protection

Increasing confidence in digital economy

Strong data protection laws will help increase trust and confidence in the digital economy. The UK’s data economy is expected to be worth £241bn by 2020, creating hundreds of thousands of new jobs.

The potential use and value of data is vast. From improved customer insights, delivering more tailored goods and services, to improving business efficiency and understanding diagnosis and treatments in healthcare.

However, that will only be realised if people have trust and confidence in the way their personal information is being used. These are all elements that will be improved under the GDPR.

We know the impact of data breaches on a brands’ reputation. There are plenty of historical, and some more recent, episodes where a data breach has negatively affected user confidence. GDPR will give more control to consumers to determine who has their information and for what purpose. This should be seen as an opportunity for companies to build user trust.

Data flow alignment with EU

Alignment with the EU will help ensure data can keep flowing post-Brexit.

Since the EU referendum, techUK has been clear about a top priority of the tech sector in Brexit negotiations: data must continue to flow freely between the UK and the EU post-Brexit to allow the continued growth and dynamism of both our digital economies.

It is estimated that 70% of the UK’s trade is enabled by data flows, and the UK represents 11.5% of global data flows – 75 % of which are with the EU. This is a key issue for businesses of all sizes.

Once the UK becomes a third country, the provisions allowing the automatic free flow of personal data between EU member states will no longer apply to the UK.

EU data protection laws put restrictions on data being transferred out of the EU to third countries for the understandable reason of wanting to ensure that European data is sufficiently protected when it sits in a different country. 

The only suitable and sustainable solution is to agree mutual adequacy agreements between the UK and the EU.

Adequacy is a determination by the European Commission that states a third country has a data protection framework which is “essentially equivalent” to the EU’s and therefore protects data to an appropriate degree. Once agreed, adequacy allows the free flow of data between the EU and that third country, with no additional burdens or obligations at company level.  

UK must take part in conversation around data

If the UK is to be a global leader, it needs to maintain global influence.

Beyond the continued free flow of data, the government is seeking a bespoke arrangement whereby the UK Information Commissioner’s Office (ICO) would have a continued role on the European Data Protection Board.

The ICO brings several benefits to the EU’s data protection policy development, from resources to thought leadership. The industry, therefore, unequivocally supports that aim.

Further than that, the UK must be a part of the global conversation about privacy and being able to influence the EU’s approach, as it moves towards the likelihood of a “GDPR 2.0”, is an important element.

These are just three of the key reasons why we should be celebrating GDPR taking effect today. As I said at the outset, GDPR is not perfect but it is important. It gives consumers much greater control over their personal information; it allows data to continue flowing; and ensures the UK to continue to influence the EU – and the global – approach to data protection.