WHAT IS GDPR? THE SUMMARY GUIDE TO GDPR COMPLIANCE IN THE UK

General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. Our need-to-know GDPR guide explains what the changes mean for you

Europe’s data protection rules are undergoing sweeping changes. To keep up with the huge amount of digital data being created, rules across the continent have been re-written and are due to be enforced. From May 25, 2018, the new mutually agreed European General Data Protection Regulation (GDPR) will update personal data rules.

GDPR will bring outdated personal data laws across the EU up to speed with an increasingly digital era. The previous data protection laws were put in place during the 1990s and haven’t been able to keep pace with the levels of technological change.

When GDPR starts to be enforced by data protection authorities it will alter how businesses and public sector organisations can handle the information of their customers. GDPR also boosts the rights of individuals and gives them more control over their information.

The regulation has spawned a raft of GDPR experts who want to help businesses prepare for the changes GDPR will bring – and make a tidy sum for their expertise.

Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, says she is frustrated by the amount of “scaremongering” around the potential impact for businesses. “The GDPR is a step change for data protection,” she says. “It’s still an evolution, not a revolution”. She adds that for businesses and organisations already complying with existing data protection laws the new regulation is only a “step change”.

Still, plenty of confusion remains. To help clear things up, here’s WIRED’s guide to the GDPR.

What is GDPR exactly?

The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.

The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information, which we’ll explain in more detail later.

After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.

After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two-year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.

GDPR SUMMARY

WHEN DOES THE NEW REGULATION START?
May 25, 2018
WHO WILL ENFORCE IT IN THE UK?
The Information Commissioner’s Office
WHAT’S NEW?
There are new rights for people to access the information companies hold about them, obligations for better data management for businesses, and a new regime of fines
DOES BREXIT MATTER?
The UK is implementing a new Data Protection Bill which largely includes all the provisions of the GDPR. There are some small changes but our own law will be largely the same

Don’t we already have data protection laws?

Each member state in the EU operates under the 1995 data protection regulation and has its own national laws. In the UK, the current Data Protection Act 1998 has set out how your personal information can be used by companies, government and other organisations.

GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Act. As noted by data protection expert Jon Baines, the UK’s data protection plan includes everything within the GDPR – although there are some minor changes.

A new data protection Act

The UK government has created a new Data Protection Act, which replaces the previous version that was passed into law in 1998. The 2018 Data Protection Act spent several months in draft format passing its way through the House of Commons and House of Lords.

Two days before GDPR was due to come into force the new law completed its journey and became official. Its full text can be found here. The new Data Protection Act is a complex piece of law, which runs to 353 pages. Largely, it incorporates all the provisions of GDPR but there are some minor differences. Under EU rules, individual countries were able to select some parts of GDPR that could be slightly customised to their desires.

During the publication and passing of the UK’s new data protection law there were some controversies. The law was amended to protect cybersecurity researchers who work to uncover abuses of personal data, after critics said the law could see their research be criminalised. Politicians also attempted to add an amendment to the draft saying there should be a second Leveson inquiry into press standards in the UK but this was dropped at the last minute.

Matt Hancock, the UK government minister who is responsible for data protection, tweeted he was “delighted” the Data Protection Act was passed just before GDPR came into force.

Is my company/startup/charity going to be impacted?

In short, yes. Individuals, organisations, and companies that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.

Both personal data and sensitive personal data are covered by GDPR. Personal data, a complex category of information, broadly means a piece of information that can be used to identify a person. This can be a name, address, IP address… you name it. Sensitive personal data encompasses genetic data, information about religious and political views, sexual orientation, and more.

These definitions are largely the same as those within current data protection laws and can relate to information that is collected through automated processes. Where GDPR differs from current data protection laws is that pseudonymised personal data can fall under the law – if it’s possible that a person could be identified by a pseudonym.

So, what’s different?

In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.

Helen Dixon, the data protection commissioner for Ireland, who has major technology company offices under her jurisdiction, says the new regulation was needed and is a positive move. However, she adds that while large businesses are aware of the upcoming changes there needs to be a lot more knowledge in smaller companies, including startups. “One of the issues with startups is that when they’re going through all the formalities new businesses go through, there’s no data protection hook at that stage,” Dixon says.

So, if you’re only just hearing of GDPR, here are some of the bigger changes to be prepared for.

WHO IS IN CHARGE OF GDPR IN THE UK?

GOVERNMENT
The Department for Culture, Media and Sport is the government arm responsible for ensuring that UK law complies with the requirements of GDPR. The government body is responsible for creating the UK’s Data Protection Bill but won’t have control of the day-to-day elements of GDPR once it is enforced.
THE REGULATOR
Once the provisions of GDPR become law in the UK, the Information Commissioner’s Office (ICO) will be responsible for enforcing them. The ICO has the power to conduct criminal investigations and issue fines. It is also providing organisations with huge amounts of guidance about how to comply with GDPR.

Accountability and compliance

Companies covered by the GDPR will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.

In the last 12 months, there’s been a score of massive data breaches, including millions of Yahoo, LinkedIn, and MySpace account details. Under GDPR, the “destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data has to be reported to a country’s data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those who it is about. This can include, but isn’t limited to, financial loss, confidentiality breaches, damage to reputation and more. The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people it impacts also need to be told.

For companies that have more than 250 employees, there’s a need to have documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place.

Additionally, companies that have “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data have to employ a data protection officer (DPO). For many organisations covered by GDPR, this may mean having to hire a new member of staff – although larger businesses and public authorities may already have people in this role. In this job, the person has to report to senior members of staff, monitor compliance with GDPR and be a point of contact for employees and customers. “It means the data protection will be a boardroom issue in a way it hasn’t in the past combined,” Denham says.

There’s also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person’s information they have to clearly explain that consent is being given and there has to be a “positive opt-in”. A blog post from Denham explains there are multiple ways for organisations to process people’s data.

Access to your data

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information that’s held about them. At present, businesses and public bodies can charge £10 for a Subject Access Request (SAR), through which people are given what’s held about them.

Under the GDPR this is being scrapped and requests for personal information can be made free-of-charge. When someone asks a business for their data, they must stump up the information within one month. Everyone will have the right to get confirmation that an organisation has information about them, access to this information and any other supplementary information. As Dixon points out, big technology companies, as well as smaller startups, will have to give users more control over their data.

As well as this the GDPR bolsters a person’s rights around automated processing of data. The ICO says individuals “have the right not to be subject to a decision” if it is automatic and it produces a significant effect on a person. There are certain exceptions but generally people must be provided with an explanation of a decision made about them.

The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there’s no legitimate interest, and if it was unlawfully processed.

GDPR fines

One of the biggest, and most talked about, elements of the GDPR is the power for regulators to fine businesses that don’t comply with it. If an organisation doesn’t process an individual’s data in the correct way, it can be fined. If it requires and doesn’t have a dat

These monetary penalties will be decided upon by Denham’s office and the GDPR states smaller offences could result in fines of up to €10 million or two per cent of a firm’s global turnover (whichever is greater). Those with more serious consequences can have fines of up to €20 million or four per cent of a firm’s global turnover (whichever is greater). These are larger than the £500,000 penalty the ICO can currently wield and, according to analysis, last year’s fines would be 79 times higher under the new regulation.

But Denham says speculation that her office will try to make examples of companies by issuing large business-crippling fines isn’t correct. “We will have the possibility of using larger fines when we are unsuccessful in getting compliance in other ways,” she says. “But we’ve always preferred the carrot to the stick”.

Denham says there is “no intention” for overhauling how her office hands out fines and regulates data protection across the UK. She adds that the ICO prefers to work with organisations to improve their practices and sometimes a “stern letter” can be enough for this to happen.

“Having larger fines is useful but I think fundamentally what I’m saying is it’s scaremongering to suggest that we’re going to be making early examples of organisations that breach the law or that fining a top whack is going to become the norm.” She adds that her office will be more lenient on companies that have shown awareness of the GDPR and tried to implement it, when compared to those that haven’t made any effort.

WHAT IS PERSONAL DATA?

THE KEY TERMS
GDPR and other data protection laws rely on the term ‘personal data’ to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.
WHAT IS PERSONAL DATA?
Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.
SO, WHAT’S SENSITIVE PERSONAL DATA?
GDPR refers to sensitive personal data as being in ‘special categories’ of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.

How to prepare your business for GDPR

When implemented, GDPR will have a varying impact on businesses and organisations: for instance, not every company will require a data protection officer. To help prepare for the start of GDPR, the ICO has created a 12-step guide.

The guide, which is available here, includes steps such as making senior business leaders aware of the regulation, determining which info is held, updating procedures around subject access requests, and what should happen in the event of a data breach. In Ireland, the regulator has also set up a separate website explaining what should change within companies.

The ICO says that “many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA)”. It adds that for businesses already complying with the current data protection law, it’s highly likely they will be meeting many of the GDPR principles.

As well as this guidance, the ICO says it is creating a phone service to help small businesses prepare for GDPR. The service provides answers about how small companies can implement GDPR procedures.

What if we don’t comply from day one?

Businesses and organisations impacted by GDPR have had two years to get their systems ready. But things don’t always go to plan. It’s likely that many firms will not be entirely ready for GDPR. The UK information commissioner has stated she won’t be looking to make examples of companies by issuing large fines when they’re not deserved.

The ICO largely takes a collaborative approach to enforcement. Denham has said her office will look to engage with companies rather than issue them with punishments straight away. Companies who have shown awareness and taken steps to comply with GDPR are likely to be treated better than those who haven’t done any work around it.

What is big tech doing?

Technology’s biggest players aren’t exempt from GDPR, despite many of their head offices being based in the US. Where users are registered to an office within Europe – often this is in Ireland – they will be covered by the new regulation.

However, Facebook has quietly decided to move around 70 per cent of its users to be registered in the US, instead of Ireland. This means they will be out of the scope of GDPR’s requirements. The company says it is giving everyone the same privacy protections – no matter where they live or are registered.

Google has also issued notifications to all of its users reminding them to update their settings and review what data is collected about them. It has also updated the settings around its ads as well as building a page for the businesses it works with.

Officials haven’t been impressed by some of the moves from tech firms. Giovanni Buttarelli, the European data protection supervisor, has written a blog post criticising Facebook’s handling of the Cambridge Analytica affair.

“The most recent scandal has served to expose a broken and unbalanced ecosystem reliant on unscrupulous personal data collection and micro-targeting for whatever purposes promise to generate clicks and revenues,” Buttarelli wrote. “In such a distorted environment everyone must now participate, instilling the paradoxical sense of being more and more monitored and yet less and less known and respected by the small number of remote tech powers.”

Looking for more?

We don’t claim to have all the answers. In between a lot of GDPR hype there are some incredibly useful resources that have been published on the regulation. Here’s where to go if you’re looking for more in-depth reading:

– The full regulation. It’s 88 pages long and has 99 articles.

– The ICO’s guide to GDPR is essential for both consumers and those working within businesses.

– EU GDPR is full of information on the regulation. It details all you need to know and has a handy countdown clock for when GDPR will come into force.

– The EU’s Article 29 data protection group is publishing guidelines on data breach notifications, transparency, and subject access requests.

This article was originally published in August 2017. It has since been updated with more information and resources about GDPR.

WHAT’S THE DIFFERENCE BETWEEN A DATA CONTROLLER AND PROCESSOR?

THE DIFFERENT TERMS
Not everyone that handles the personal data of individuals is the same and data protection laws allow for this by having two different terms: controller and processor. Here’s what they mean.
CONTROLLER
A controller is an entity that decides the purpose and manner that personal data is used, or will be used
PROCESSOR
The person or group that processes the data on behalf of the controller. Processing is obtaining, recording, adapting or holding personal data

Source: http://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018

Shampoo magnate uses glasses-free 3D to push budget phones

Rokit’s Io 3D and Io Pro 3D tout stereoscopy at a low price.

Remember how shampoo magnate John Paul DeJoria threw himself into the mobile world five years ago? He’s now offering smartphones — and they might be appealing if you find most budget phones a little boring. Rokit’s newly launched Io 3D and Io Pro 3D both offer glasses-free 3D without the expense that usually comes with the tech. You won’t need to go to the length of buying a RED Hydrogen One just to bedazzle your friends. There’s even an “expansive” catalog of content to watch through an app that hosts movies and other stereoscopic material.

Be ready for phones that are modest beyond the tentpole 3D feature. The Io 3D centers on a 5.45-inch, 1,440 x 720 display, a quad-core 1.3GHz MediaTek processor, 2GB of RAM, 16GB of expandable storage, a rear 8-megapixel camera and a front 2-megapixel cam. Move to the Io Pro 3D and you’ll get a 6-inch 2,160 x 1,080 display, an eight-core 2GHz MediaTek chip, 4GB of RAM, 64GB of expandable storage, a hybrid 13MP and 2MP rear camera system and a front 8MP shooter. Don’t expect excitement when you’re not gawking at 3D footage, then, although you do curiously get a year’s worth of health care services and insurance coverage (including death) for free.

The price is competitive, at least. You can order the Io 3D now for $200 (£140), and the Io Pro 3D for $300 ($250). There’s also a plain 2D phone, the 5-inch Io Light ($90) for those that only need the basics. They may be tougher sells when handsets like the Moto G7 are more powerful overall, but consider this: if you ever lose interest in the 3D, you’re out considerably less money than you might be otherwise.

God Of War Wins Game Of The Year At GDC Awards

God of War wins big, again.

Sony’s PS4 exclusive action game God of War has won yet another Game of the Year award. Tonight at the Game Developers Choice Awards, Sony’s PS4 game went home with the top prize. This is just the latest win for God of War, as it also won Game of the Year at December’s The Game Awards and in February at the DICE Awards.

Other winners tonight included Celeste for Best Audio, Into the Breach for Best Design, and Red Dead Redemption 2 for Best Technology. Australian developer Mountains won Best Debut for Florence; that game also won Best Mobile Game. Amy Hennig, an industry veteran who directed Uncharted, took home the Lifetime Achievement Award.

You can see a full rundown of the categories and winners at the bottom of this post.

“The Game Developers Choice Awards represent the most refined games of the year, and the sheer variety of games honored tonight showed that games can still represent wholly new and unique creative visions,” GDC general manager Katie Stern said in a statement.

“A number of independently developed titles like Celeste, Gris, and Florence helped prove how internal or deeply personal turmoil can make for massively appealing games for millions of fans. While games like God of War and Red Dead Redemption 2 capture our imagination with poignant moments juxtaposed against epic tales of staggering scale and technical prowess. We embrace and accept all these amazingly creative works, and we’re proud to recognize these nominees and winners alike for the imagination and hard work that brought them here.”

Also at GDC this week, Google announced its new game-streaming technology, Stadia, which is set to launch later this year. Former Microsoft and Sony executive Phil Harrison is heading up the Stadia team, and he believes latency won’t be an issue.

GDC 2019 continues all week, leading directly into PAX East in Boston at the weekend, so keep checking back with GameSpot for lots more.

Google Moves To Disrupt Video Games With Streaming, Studio

Google set out to disrupt the video game world on Tuesday with a Stadia platform that will let players stream blockbuster titles to any device they wish, as the online giant also unveiled a new controller and its very own studio.

The California-based technology giant said its Stadia platform will open to gamers later this year in the United States, Canada, Britain and other parts of Europe.

For now, Google is focused on working with game makers to tailor titles for play on Stadia, saying it has already provided the technology to more than 100 game developers.

“We are on the brink of a huge revolution in gaming,” said Jade Raymond, the former Ubisoft and Electronic Arts executive tapped to head Google’s new studio, Stadia Games and Entertainment.

“We are committed to going down a bold path,” she told a presentation at the Game Developers Conference in San Francisco.

The Stadia tech platform aims to connect people for interactive play on PCs, tablets, smartphones and other devices.

Google also unveiled a new controller that can be used to play cloud-based individual or multiplayer games.

Stadia controllers mirrored those designed for Xbox or PlayStation consoles, with the addition of dedicated buttons for streaming live play via YouTube or asking Google Assistant virtual aide for help beating a daunting puzzle or challenge.

Chief executive Sundar Pichai said the initiative is “to build a game platform for everyone.”

“I think we can change the game by bringing together the entirety of the ecosystem,” Pichai told a keynote audience.

‘Netflix of gaming’

Google’s hope is that Stadia could become for games what Netflix or Spotify are to television or music, by making console-quality play widely available.

Yet it remains unclear how much Google can grab of the nascent, but potentially massive industry.

As it produces its own games, Google will also be courting other studios to move to its cloud-based model.

Google collaborated with French video game titan Ubisoft last year in a limited public test of the technology powering Stadia, and its chief executive was in the front row at the platform’s unveiling.

A coming new version of blockbuster action game “Doom” tailored to play on Stadia was teased at the event by iD studio executive producer Marty Stratton.

“If you are going to prove to the world you can stream games from the cloud, what better game than ‘Doom’,” Stratton said.

Streaming games from the cloud brings the potential to tap into massive amounts of computing power in data centers.

For gamers, that could translate into richer game environments, more creative play options or battle royale matches involving thousands of players.

At the developers conference, Google demonstrated fast, cloud-based play on a variety of devices. But it offered no specific details on how it would monetize the new service or compensate developers.

Money-making options could include selling game subscriptions the way Netflix charges for access to streaming television.

“I think it’s a huge potential transition in the video game industry, not only for the instant access to games but for exploring different business models to games,” Jon Peddie Research analyst Ted Pollak said of Stadia.

“They say it’s the Netflix of gaming; that is actually pretty accurate.”

Ubisoft on board

Ubisoft, known for “Assassin’s Creed” and other titles, said it would be working with Google.

Its co-founder and chief Yves Guillemot predicted streaming would “give billions unprecedented opportunities to play video games in the future.”

An “Assassin’s Creed” franchise title was used to test Google’s “Project Stream” technology for hosting the kind of quick, seamless play powered by in-home consoles as an online service.

The reliability and speed of internet connections is seen as a challenge to cloud gaming, with action play potentially marred by streaming lags or disruptions.

Google said its investments in networks and data centers should help prevent latency in data transmissions.

In places with fast and reliable wireless internet, players will likely access games on the wide variety of devices envisioned by Google, while hard-core players in places where wireless connections aren’t up to the task could opt for consoles, according to Pollak.

“I think it is good news for everyone,” Pollak said when asked what Stadia meant to major console makers Microsoft, Sony and Nintendo.

The US video game industry generated a record $43.4 billion in revenue in 2018, up 18 percent from the prior year, according to data released by the Entertainment Software Association and The NPD Group.

AFP

Copyright © 2018 Inventrium Magazine
