The General Data Protection Regulation has been implemented by the European Union Parliament with the intention of strengthening and unifying data protection for individuals within the EU and for personal data exported out of the EU. The primary objectives of the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. [For more information please see the Interinstitutional File]
This raises many questions for the future of our personal data. For instance, with Brexit now looming, it is only a matter of time before the UK will have to make a decision about whether to adopt a GDPR of its own. Doing so will not only further protect user privacy and data, but will ensure we can remain competitive in the EU. (Cite: Lahiri)
This morning, as featured in Computer Business Review, Kris Lahiri, Co-Founder & Chief Security Officer at Egnyte, takes an interesting look at the General Data Protection Regulation and what this means for data processors.
GDPR: Controller or Processor? Here’s What You Need to Know
Consider that there are both data controllers and data processors handling personal data. The controller determines the purposes and means of processing personal data, whereas the processor just processes the data on behalf of its customer, the controller. (Please see Lahiri’s article for a much better explanation!)
With that in mind, under the new GDPR legislation, processors will now be held legally accountable for the personal data that previously only data controllers had to worry about. As noted by Lahiri, this is a game changer for data processors, as they will have to approach their job in a new way to factor in potential legal sanctions for not adhering to the GDPR.
To read the first two articles in Lahiri’s GDPR three-part series please find the links below: