Data Protection Day falls on January 28th, acting as an annual international reminder of the importance of digital security. Since 2006, Data Protection Day (or Data Privacy Day) has reminded organisations to start each year with strong digital defences. The coming year will see significant changes to data protection legislation worldwide; new data protection laws are being introduced that will change the way organisations and individuals view and manage privacy protection.
The incidence of cyber crime and identity theft has increased rapidly in recent years, prompting these large-scale legislative changes and making the message of Data Protection Day more potent in 2018 than ever before.
The changes will raise global awareness of data security in 2018. Changes to European Union law will govern any organisation worldwide that handles EU data subjects, demanding the attention of every international business. This year will see companies worldwide inspecting their data privacy policies, prevention practices, and breach response procedures in order to prepare for the changes.
What will change in 2018?
The two jurisdictions undergoing the most change this year are likely to be Australia and the EU, introducing the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) and the General Data Protection Regulation (GDPR), respectively. Canada is also working towards enacting data breach notification regulations this year, the Breach of Security Safeguard Regulations, similar to the NDB act in Australia.
The NDB act and the GDPR share a common goal: to increase privacy protection, to minimise the frequency of data breaches, and to create transparency in data handling and processing procedures. While the objectives of the two laws are similar, they are designed to achieve success in different ways.
The new Australian privacy law takes a principles-based approach, encouraging organisations to increase data protection in order to avoid an eligible data breach, and therefore to avoid fines and negative publicity. The new EU privacy law takes a practice-based approach, making increased data protection a legal obligation, rather than a suggested precaution against a data breach and its consequences. The GDPR also imposes far greater financial penalties for non-compliance.
As well as clearly outlined steps to be taken by data processors, the GDPR involves several regulations not included in Australian law, including:
- the mandatory appointment of protection officers where data is processed regularly;
- a minimum standard of information technology systems and privacy protection programming;
- the right to data portability (the right of a data subject to request access to, and share, their data); and
- the right to erasure (the mandatory destruction of data, once it is no longer relevant, or upon request).
Because of the comprehensive nature of the GDPR, it is set to become the gold standard of privacy protection legislation, and will have a pervasive impact on privacy protection worldwide.
A summary of the GDPR and the NDB Privacy Amendment
How can your business prepare for the changes?
Staying informed about which legislative changes might affect your business is the first step to success as these new laws come into play. Access our best-practice guide to securing your business against cyber threats, for further steps you can take in-house. Contact Avtel Data Destruction for information on our unique and secure data destruction method that complies with new legislation.
This blog post is intended for informational purposes only. Although every effort has been made to present accurate and current information, accuracy cannot be guaranteed. Please note that the information within this document does not constitute legal advice and should not be relied upon as such. For legal or professional advice, contact a solicitor.