Buckle in for more new data protection regulations Sep 3, 2019Views: 253
Just when you thought it was all over, that all your data protection processes were up-to-date, along comes another EU regulation on personal data. No, you haven’t travelled back in time and are reading an article about GDPR. This is GDPR 2.0 and it’s called ePrivacy Regulation (Jaws music plays in the background). It’s due to come into effect this year and although it has a different focus to GDPR, it has been designed to work in sync with it. But what is it and most importantly, how much of a headache will it give me?
The ePrivacy Regulation will replace the ‘ePrivacy and Electric Communications Directive 2002’. The word “regulation” makes it a legal act which will be immediately enforceable across the EU; much like - yes you got it - GDPR (or General Data Protection Regulation). So pull up your bootstraps and buckle in, because we’re in for another wild ride.
While GDPR was mainly about protecting personal data, the ePrivacy Regulation is more about protecting personal privacy across electronic communications. So, for example, as a payroll provider, the GDPR is concerned with the data you hold and who can access it; whereas the ePrivacy Regulation is more concerned about how you are transmitting the data. GDPR is still the Big Daddy and will sit above the ePrivacy Regulation and apply to wider data protection orders, whereas the ePrivacy Regulation will deal with specific subjects inside the scope of GDPR.
The regulation states that "electronic communications data should be defined in a sufficiently broad and technology-neutral way so as to encompass any information concerning the content transmitted or exchanged... and the information concerning an end-user of electronic communications services processed for the purposes of transmitting, distributing or enabling the exchange of electronic communications content; including data to trace and identify the source and destination of a communication, geographical location and the date, time, duration and the type of communication."
So communications are protected regardless of where the data has been transmitted from. Such data should always be confidential and if you interfere with the communication of that data then, through human or automated processes, then guess what, you’re breaking the law. For example, scanning electronic messages, listening to calls, monitoring a list of visited websites or monitoring interaction between users - without consent - is a big fat no no. So if as a company you do any of the above you’ll need to have a team meeting.
But there are also OTT (“over the top”) communications, no not a bunch of emotional teenagers in a room together, they are named so because they sit on top of services provided by a named service, i.e. WhatsApp or Facebook. The ePrivacy Regulation is designed with the OTT services in mind (getting with the times) and all will be brought within the scope of EU privacy rules and will be bound by the same rules as traditional methods. Cookies are also a huge part of what you need to know as a company because you’ll now need to configure your software so that it offers the option to prevent third parties storing the information.
Gee, that sounds like a lot of work, I think I’ll pass. OH NOOOO you don’t, like GDPR this is non-negotiable and there are some eye-watering consequences of not complying. Penalties range from up to £10 million or 2% of your global turnover (whichever is higher). And before you say “well this is an EU regulation, doesn’t apply to Brexit Britain” then you're wrong.
In order to achieve a whitelisted status from the EU and be seen as a safe zone under GDPR, the UK has passed its own laws that work in tandem with the new EU regulations. And given that the regulations cover communications and technologies that cross territories, the majority of businesses will need to comply even if they’re not in the EU.
You’re welcome. Good night. Sweet dreams.
Written by Aoibheann Byrne | BrightPay Payroll Software
You need to be logged in to comment