The Information Commissioner’s Office has continued its efforts to tackle what it calls the myths surrounding the government’s forthcoming General Data Protection Regulation (GDPR).
Set to come into law on 25 May 2018, the GDPR brings the EU’s new data rules into UK law – and plenty of complaints have already been made about it.
However, the ICO thinks it’s a great idea and has been at pains to deal with much of the ‘scaremongering’ that has grown up around the policy – some of which it insists is ‘commercially driven’.
In the latest blog, the ICO’s Deputy Commissioner, Steve Wood, has tackled the ‘myth’ that the GDPR is ‘an unnecessary burden on organisations’.
A little glibly perhaps, Mr Wood says the ‘new regime is an evolution in data protection, not a revolution’. (Note to ICO: try not to use the word ‘regime’ in connection with something you are trying to make sound nice.)
He goes on to say that the policy makes organisations more accountable in their use of people’s personal data while enhancing the rights of individuals, and merely builds on foundations that have been around for the last 20 years.
Addressing criticisms that the GDPR will be particularly troublesome for small and medium-sized enterprises (SMEs), Mr Wood writes: ‘We have long recognised that SMEs may have limited time and resources for compliance and have acknowledged this in our regulatory approach. But many of these criticisms fail to recognise the flexibility that the key principles in the DPA and GDPR provide – they scale the task of compliance to the risk. Many of the principles reinforce tasks businesses will already to undertake in relation to record keeping – e.g. the principle on data minimisation.’
You can read the whole thing here. It’s good.