Like many people, I received a lot of emails this week advising me to confirm that I still wished to subscribe to newsletters and other services. This is due to the General Data Protection Regulation (GDPR, as the EU loves acronyms), which is effective from 25 May in all EU member states and covers your personal data, such as name, address, photos, email address, bank details, posts on social media networking sites, medical information and computer IP address.
Any business that stores any of this information must now ensure that it is kept securely and anonymously. They also have to give you access to the information and tell you how it is stored, shared and acquired. To help, the EU obliges all states to create a new authority to oversee complaints, as well as the administration of the policy.
We have been here before. Twenty years ago, the UK introduced a Data Protection Act (DPA), and an expensive ombudsman to administer it. In the last twelve months that body, the Information Commissioner, collected fines of £290,000 from three local councils. Breaches of the GDPR, which overwrites the DPA, can result in much larger fines of 4% of global revenue or 20 million euros. The difference is that this money will not be recycled around government, but vanish into one of the EU’s many accounts.
With their track record it is only a matter of time before the UK Government fails to protect someone’s data and gives the EU a last chance to recoup the revenue it will lose when Brexit occurs on 29 March 2019.