With the new General Data Protection Regulations (GDPR) coming into force in the European Union (EU) in less than 10 days, Attorney-at-Law, Bartlett Morgan, sets us straight on what businesses located outside the EU can expect, and gives some advice to those businesses on what they should be doing to better position themselves for the GDPR.
This episode is also available on Apple iTunes and on Stitcher!
In our first Community Chat last week, one of the topics discussed was the European Union’s new General Data Protection Regulations (GDPR), which comes into force on 25 May 2018. Those of us who live outside the European Union may not fully appreciate what all the fuss is about with respect to the GDPR. However, as our Community Chat guest, Kerrie-Ann Vassall-Richards, noted during the discussion, you may have observed that many websites and online services have been updating their Terms of Use and Privacy Policy documents in preparation for the GDPR. In essence, the GDPR is expected to have implications for how businesses globally manage data, which, of course, includes us in the Caribbean region.
However, although the GDPR was passed in 2016 and is now coming into force two years later, there is a concern that Caribbean businesses are not as knowledgeable or as prepared as they should be. The Regulations are quite detailed, and it is easy to get overwhelmed, but we must also wrap our minds around the fact that the reach of the GDPR is long, and there can be severe (very expensive!) penalties for those in breach.
In our discussion with Bartlett Morgan, an Attorney at Law, at LEX Caribbean (Barbados office), he breaks down the GDPR, and highlights some of the key elements to which we should pay attention. Our discussion also touched on:
- What constitutes personal data?
- What is the difference between data controllers and data processors?
- What are some of the GDPR principles and requirements of which we, who are outside of the EU, should be aware?
- So, similar to the Data Protection Directive, the GDPR applies to organisations located OUTSIDE the EU. How might that work?
- Just to be clear, Bartlett, are there any circumstances where the Regulations would not apply?
- Are there any classes of entities that could be subject to these Regulations?
- What would be 3 to 5 things you would advise Caribbean businesses – or rather, businesses outside the EU – to do to better position themselves for the GDPR?
A point to note: It must be emphasised that although the GDPR has been adopted, it has not yet come into effect. As a result, it is not possible to say – with absolute certainty – exactly how the provisions will be implemented, and what will be their true impact. However, based on the material that has been published, along with the discussions that have been occurring within the EU, we have a good sense of how the various provisions are being interpreted currently.
Select links
Below are links to some of the organisations and resources that could be useful:
Image credit: 3910743 (Pixabay); B Morgan
Music credit: Ray Holman
In my days in the retail world we had a marketing slogan, culled from the DIFOT metric, as: “Delivered, on time, in full, as specified”. A slogan that probably aptly lends itself to this podcast.
I was keen to get the ‘litmus test’ of who falls within the ‘ambit’ of the GDPR. Very excellently clarified.