Emily Taylor, associate fellow of Chatham House took the stage at SC Congress London and explained that the GDPR is a measure of just how seriously we take data in this modern age.
Taylor says that when looking at directive 95/46/ec, the original data protection law dating back to 1995, it is essentially an “archaic text, from a simpler time” which makes no mention of cloud, big data and analytics.
She goes on to explain that given the text of the new General Data Protection Regulation took 3 years to agree on, it should act as a measure to explain just how seriously we take data in this modern age, where the adage says “if you're not paying for the service, you're the product”.
“The top five most popular websites in the world collect so much data on us, that we need to force them to properly protect our data” she said.
And the GDPR does just that, by cutting the bureaucracy and bringing in serious changes in data protection laws in light of the Snowden revelations which taught us a lot about government surveillance and the amount of information collected on citizens by government intelligence agencies.
Renate Samson, director of Big Brother Watch agreed with Taylor, saying that although the GDPR is going to be “wildly irritating” to implement, we are all “digital citizens” and because of the amount of data that we create through IoT devices, we need to consider privacy by design across the board.
Samson went on to say that the GDPR has sparked a very interesting conversation on data which citizens are benefitting from.
Despite thinking that the GDPR is “fantastic”, Emma Philpot, Director and CEO of the IASME Consortium says that SMEs need help “getting to the start line” in order to help them take data more seriously.
She said that despite the introduction of the Cyber Essentials Scheme, the concept of a breach to SMEs is still very much a foreign one, let alone what the GDPR is asking of them due to the lack of time to implement security throughout the company.
Philpot wants to see more SMEs encouraged to take cyber-security more seriously by helping them understand the consequences of non-compliance.