In a shock announcement this morning from the ICDRB (International Coalition of Data Regulators and Bodies), Data Protection laws across the EU and parts of Africa are set to be reviewed and most like repealed by the end of the year. Speaking from the ICDRB’s headquarters in France, deputy director of the organisation Ms Celeste Faux-Nom stated that “After consultation with technology giants and resistance from corporates, laws such as GDPR and corresponding acts across Africa will be repealed pending review, most likely by the end of 2019.”
What does this mean?
This poses an interesting question regarding the amount of effort and spend that companies have already made for compliance with these laws. Yes, companies are in a better space if they have worked on compliance, but what now?
Information shared by Ms Faux-Nom showed that the data and analytics gained from tech giants such as Facebook and Google were just “too valuable” and that halting them from analysing personal information at will was a “violation of the rights of businesses to compete”. Targeted advertising, though reviled by most people, is still a billion dollar industry. Restricting this could see entire nations losing part of their GDP.
Going forward, companies will not be required to comply with data protection regulation, and data breaches would not be covered by data protection laws, but would instead be governed by company agreements, non-disclosures and agreements with clients “in good faith”.
Where do we stand?
It will soon be up to you whether you wish to comply with data protection or not. The announcement is seen as a win for companies, though many rights groups are understandably up in arms about the announcement. For those in the US, California may need to reconsider it’s laws that it recently implemented.
In South Africa, we are likely to see an indefinite delay on POPIA, with compliance efforts set to stall across the board. You’ll still need to comply with your NDAs, but you will no longer need to tell your clients what you are doing with their data or why, opening the doors for some really effective development and no-holds-barred analysis and development on data – no matter the source.
What do we do first?
The first thing to realise, is that it is April 1st, and that none of this is true. It is still vitally important that data protection regulation is adhered to in order to avoid some of the scenarios described above. Data Protection is here to stay, and is a great right that is being given back to individuals across the globe (mostly). You as an organisation need to protect the information of your clients, employees and suppliers, and need to adhere to data protection principles in everything you do.
Implementation of these laws and compliance to them is no small feat, and as such you should be working towards compliance on a regular basis. If you have not started, you should jump on before it’s too late; GDPR has been in place for almost a year, and POPIA is set to be in place by the end of 2019 (if the grapevine is to be believed). If you need help kicking off efforts, or just need someone to manage what you have in place currently, reach out for an estimate. Through a network of professionals, Ross G Saunders Consulting offers numerous services and offerings to kick your compliance into high gear.