Keep Calm & Privacy On: EU Privacy Regime Builds on Well-Established Principles, Not Revolutionary, Says U.K. Privacy Regulator


The new European Union privacy regime is “an evolution in data protection, not a revolution,” and there is no reason it should be a burden on companies, the U.K. privacy regulator said in an Aug. 25 blog post.

The U.K. Information Commissioner’s Office (ICO) released its latest blog in its EU General Data Protection Regulation myth-busting blog series, an attempt to calm the nerves of companies that will need comply with the law in May 2018.

Not everyone agrees with the ICO. There has been much chest-pounding and hyperventilating around the world over the last couple of years over the looming negative impact that the GDPR’s stricter privacy standards could have on companies and on technology innovation in general.

“It’s going to be a revolution in the protection of personal data,” Maciej Kawecki, an adviser in Poland’s Digital Ministry, which is in charge of the implementation, recently said in reference to GDPR.

Many Canadian companies find themselves unprepared for the regulation that “has the potential to significantly alter business structure and processes for companies,” Bloomberg BNA recently reported.

A bloc of pro-Brexit parliamentarians have threatened to fiercely oppose a new U.K. data protection law that replicates the GDPR because of the strong business compliance obligations it imposes.

But the ICO is much more sanguine about the regulation’s potential negative impact on companies. Rather than revolutionizing data protection, GDPR “is building on foundations already in place for the last 20 years.” The animating principles of GDPR—fairness, transparency, accuracy, minimization—are all things that companies should already be doing with their data, the ICO said.

These principles also provide plenty of flexibility for small- and medium-sized companies, the ICO said, despite the burdens that critics say the GDPR places on them.

The GDPR is ultimately about trust, the ICO said, and if companies build trust with their customers they will be able to more effectively and profitably use their data. “Failing to get data protection right is likely to damage your reputation, your customer relationships and, ultimately, your finances,” it said.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.