Accessability Links
Job search

A new age of data protection: What you need to know

25 Aug

Data protection is on the lips of organisations and consumers everywhere at the moment, with new regulations set to shake up the way we think about, protect and access personal information. While the General Data Protection Regulation is governed by the EU, it will still undoubtedly impact all of us in the UK. Virginia Chinda-Coutts, Group Director of Data Protection at IFDS, explains why.

What does the Data Protection team at IFDS do?

I head up a team of two and together we manage and deliver the Data Protection (DP) Programme for IFDS. I’m responsible for DP oversight across Europe and Asia and joined the company to help shape the look and feel of how we approach personal data from a governance and strategic perspective. We have long -term goals which look at what we need to do in this area now and into the future and the General Data Protection Regulation plays a major part in this. Our team sits within the Group Compliance function and we have a variety of important ties with other teams across the UK and cross-border.

Our objectives are to roll out, embed and maintain the Group DP Policy and DP Framework across the organisation and manage and deliver the DP Programme. We are also increasing and enhancing DP training and awareness across all IFDS business areas.

What is the General Data Protection Regulation?

A key driver of our DP work is the new legislation: the General Data Protection Regulation (GDPR). This European regulation is designed to unify and strengthen DP within the EU and came into force in May this year. All EU member states have got until 25 May 2018 to comply with the new rules and while Brexit may influence the UK’s inclusion in this regulation in the future, we will still need to apply the legislation as the deadline is before Britain will leave the EU.

The GDPR will overwrite the current legislation, which dates back to 1995. Each EU member state currently has its own EU DP regulation so the GDPR will be one overruling version that all member states must comply with. Any non-European or non-EU country which offers goods and services to EU citizens will also have to comply with the legislation.

The new rules will strengthen the rights of individuals in relation to how organisations process personal data, providing more transparency on what they do with data along with giving people new rights. Individuals can request to stop the processing of information and ask an organisation to transfer all data from one service provider to another. There are also the ‘right to be forgotten’ laws, which are actually already in existence but the GDPR gives this right more prominence.

The GDPR is also about bringing the legislation into the ‘Digital Age’ as the current DP Directive was introduced prior to advances in technology and social media.

What are the repercussions of not adhering to the legislation?

The cost is huge if an organisation is found to be non-compliant. Fines can be anything up to 4% of global annual turnover or €20 million, whichever is greater. Currently in Europe not many regulators have got powers to fine and in general, the level of fining for EU member states is low. The new legislation and penalties imposed for non-compliance have completely changed the landscape. Regulators will be in a stronger position to act if they deem it necessary.

How will IFDS be impacted by the new data protection laws?

We’ll be responsible for ensuring we adhere to the new legislation where it applies to us, as a services provider and data processor. And not only are we working in collaboration with our clients to make this happen, but work is also underway internally to embed the requirements we have as an organisation and data controller. As a result the IFDS DP team is constantly working to provide training material, as well as ongoing awareness to our thousands of staff on what DP means for them.

While Brexit may have raised some questions over the future of the GDPR in the UK, it is undoubtedly one of the most significant changes to data protection in recent history and we will be working hard to ensure IFDS is compliant and ready for it coming into effect.

If you're interested in finding out more about the diverse range of roles available at IFDS, take a look at out current vacancies here
Add new comment
NANorth America
Join us
EMEAEurope, The Middle East & Africa

Awards & Accrediations