Data Protection Update

by Michael on 3 January, 2014

My last post on this subject was as recent as March last year, but the DMA has updated the current state of play in the last couple of months.

It struck me that I attended my first seminar on Data Protection in 1982, run by the forerunner of the DMA. So that’s over 30 years for both of us, which says something for my longevity and the DMA’s influence and input in protecting our industry.

The current plan is that 2014 is for refining processes and definitions, with the regulation being passed in December 2014 and passed into UK law in December 2016. But with European elections in May 2014, it is quite possible that the work needed to be done by April will not be in place, and with a new Commissioner after the elections, the timetable will slip or there may even be a new start.

But we are currently moving, sooner or later, to an explicit consent regime, where consent will need a clear, affirmative action beyond anything that most data now has. This means that most legacy data will be unusable, existing lists and prospect lists will be decimated, and profiling will be very difficult. List broking will be severely restricted, there will be large costs to comply, and probably huge fines for breaches used to fund a much more rigorous system.

Preparing for Data Protection Changes 2014

So what to do? Given the probability of delays, maybe nothing at the moment, as the whole regulation could be rewritten – and that still gives well over 2 years to comply. But if you want to use legacy data over 2 and a half years old, maybe start thinking now. If I was a data controller I’d want to analyse how all parts of my data and data usage is likely to comply under a new regulation, and what I’d need to do over a period to comply. And as a data processor, where we will be covered by the new proposed regulation, I think I’ll leave that until May.

There’s a lot more detail on the right to be forgotten, obligation to notify, subject access requests, compliance obligations, international transfers, delegated acts, cross border issues, privacy impact assessments – it goes on.

So thanks to the DMA once more. I know what we are likely to need to do as an agency to comply (if the current regulation comes in), when we need to act and the likely business impact on us (not good, either on turnover or our cost base, maybe we can make something on consultancy!). But well worth the DMA membership fee many time over for anybody who makes money out of data.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: