The EU has finally agreed on the General Data Protection Regulation after four years of uncertainty and decades of patchwork regulation.
So what does it mean for tech companies? CBR brings together some reactions from the tech industry.
1. Good for cloud
Dr. Dierk Schindler, Head of EMEA Legal Field & Worldwide Contract Management and Services, NetApp:
"At first glance one might think that stricter EU rules and enforcement may be a deterrent to cloud adoption, also because it provides quite severe penalties for both data controllers and data processors in case of breach.
"However, I believe that we will rather see the Regulation creating a prosperous environment for cloud services. A 'Cloud based on EU-Privacy Laws' will carry the label of meeting a high, if not the highest standard to protect the privacy rights of individuals."
2. A red flag
Steve Murphy, SVP, GM EMEA, Informatica:
"The latest agreements on EU data protection rules should raise a red flag to all components of the data supply chain. Far beyond the traditional realms of financial penalties, this latest development could threaten businesses’ viability.
"In a data-centric era where big data fuels all interactions, UK business should be in a strong position to combat a crisis, yet security practice is wildly behind. In fact, recent research from the Ponemon Institute indicates that only a quarter of UK businesses can discover and classify confidential data in the cloud and less than 45 per cent for data on premise."
3. A significant breakthrough
Simon Moffat, Solutions Director, ForgeRock:
"The change in EU data laws is a significant breakthrough in how online organisations will engage with consumers and end users. The last 2 or 3 years have seen major changes in attitudes to how online data – such as personal information, browsing history, purchase and transaction history – is used, stored and shared.
"Consumers are becoming acutely aware of not only the threat of identity fraud, but also how their online presence can be abused or misused by previously trusted 3rd parties."
4. Major changes ahead
Rosemary Jay, Senior consultant attorney, Hunton & Williams:
"The new rules will bring major change for UK- and Irish-based companies. In particular national regulators will be required to work with other regulators and final decisions will be made by the EDPB on major enforcement matters.
"This may make a big difference to those companies which have headquartered in Ireland for example. The new regime will represent a significant tightening of the current position and for the UK the extension of the rights of individuals to take court actions and to appeal against the decisions of regulators is likely to have a big impact.
"Although data protection officers are not mandatory in every case, the very fact that they are mandatory in some cases will be a big change for the UK and particularly in the public sector."
5. A generation of data-savvy consumers
Quentyn Taylor, Director of Information Security, Canon:
"The new regulation will open the public’s eyes and finally allow them to understand the real value of their personal data.
"With companies being forced to disclose breaches, consumers will recognise how their data is being used and that it has a monetary value for organisations. They will assess if giving it away has more risks or benefits, and might decide not to trust organisations with their sensitive data at all.
"While consumers might try to avoid using a certain retailer or vendor for a while following a breach, convenient access to goods and services will always trump holding back data and missing out. Just ask yourselves: How many of you have changed your games console as a result of a data breach?"
This article is from the CBROnline archive: some formatting and images may not be present.