Just when we thought we were getting our heads around GDPR and the data protection legislation in the UK, we find the law evolving to plug some of the holes we’ve been putting up with for years.
It seems like digital regulation is ramping up in nearly every country in the world at the moment, but the shape and aims of the regulations vary considerably between jurisdictions.
In the UK, data protection legislation may seem complex but it is still largely based on principles and it needs to be grounded by ethics as well as the law. It seems that just about every nation across the globe has or is about to release a new version of their own privacy laws and the UK is no exception. We can’t, however, always wait for the law to react when technology continues to advance so quickly. There needs to be a fundamental shift in accountability and responsibility across all areas of a business. We’re not suggesting that every employee familiarises themselves with every aspect of data protection law, just that everyone has a general awareness and understanding of their role in securing data. Security and Data Protection are still not being considered at each level of a business, re-iterating that we’re falling behind on providing the right training and education to our people. If 90% of breach incidents are a result of human error, how many could we have prevented with a little more awareness training? We can pass extensive, complicated laws but unfortunately, we just can’t regulate attitudes and mindsets.
We could arguably make the following opinions about the way the world see’s data protection and privacy:
- • In the UK – Privacy is a Fundamental Human Right
• In the US – Privacy is a Fundamental Business Right
• In the EU and most of the world – Somewhere between UK and US
• In China and Russia – Privacy is a Fundamental State Right
While global legislations are welcomed and do go a long way to protect the citizens of the world, the difference in approaches to privacy legislation between nations is vast, with no real hope of a unified global law.
The monetization of data has given rise to even larger amounts of data being collected at every opportunity and with this has inevitably come an increased tendency to exploit that data.
This brings us back to ethics once again. We should aim to establish greater harmonization and trust by providing guidelines that make us consider privacy in every area of a business, without stifling the creation and advancement of new technologies. As long as each nation has a different reason or agenda driving their privacy legislation, it will never be easy to truly harmonize these laws across the globe. Perhaps the only way to achieve some level of unity is by leveraging strong principles and ethics in all of our working practices, achieved by privacy awareness and education across all areas of the business?
