City academics discuss GDPR at press briefing
Titled 'Privacy and the individual - What difference will GDPR make?', the briefing featured a panel of academics from across MCSE,
The GDPR will replace the Data Protection Act 1998, which was brought into law in order to implement the 1995 EU Data Protection Directive.
The GDPR seeks to give individuals more control over how organisations use their data and imposes penalties for organisations that fail to comply with the regulation, and for those that suffer data breaches.
Dr Haynes spoke to the importance of consent in the new GDPR regime:
"Consent is one of the legal bases for fair processing of personal data under GDPR. The criteria for consent are much more rigorous than previous legislation. Consent has to be freely-given, informed, unambiguous, and specific. It must also be signified by a positive action, rather than inertial inaction. However, consent is meaningless unless individuals are educated about online safety – we need a ‘highway code’ for the internet and an active information literacy programme for the public."
Paul Pedley pointed out a flaw within the GDPR in dealing with breaches of informational privacy:
In predictive analytics individuals can be linked based on shared behaviours and interests. They can be targeted based on categorisation without being identified as such. The GDPR fails to address breaches of informational privacy which occur at a group level, focussing instead on the protection of individuals.
Cher Devey touched on the reluctance of organisations to disclose data breach incidents and reminded her audience that the GDPR will hold organisations accountable with fines and penalties.
As part of her PhD research, Devey has devised a prototype dashboard to assess data privacy harm by addressing the initial breach notification question (to notify individual users or not) before notifying affected individuals and the Information Commissioner's Office (ICO) during the initial data incident response.
She says, "Organisations will be called upon to be transparent and respect the rights of individuals to know about breaches."