Now that the hype and fury over the new General Data Protection Regulation (GDPR) has died down, manufacturing and engineering companies will have to get their heads around another European Union edict, by the end of 2018 or early 2019, in the shape of the ePrivacy Regulation (ePR).
Allotts, which has had a busy year guiding such businesses through the GDPR compliance process, is now turning its attention to highlighting the scope of this new privacy regulation. Although ePR has received less publicity than GDPR to date, compliance with it is non-negotiable. Those suffering from GDPR fatigue have little time to rest on their laurels and need to be ready to tackle this new legal framework head-on if they are to avoid hefty fines for non-compliance.
GDPR evolved from the Data Protection Act (DPA) so it's no surprise that ePR has morphed out of another previous EU incarnation, the Privacy and Electronic Communication Regulations (PECR) - more commonly known as the Cookies Law. The ePR will, however, have a much broader scope than just beefing up the rules on cookies and getting rid of pop-up consent boxes in favour of user-friendly browser settings.
It will target how personal data is used in the context of new electronic communications channels and is expected to encompass such areas as 'Over the Top' (OTT) services, which include instant and social media messaging services (think WhatsApp), and 'Voice Over Internet Protocol' (VoIP) providers like Skype, which will fall under the same EU laws as telephone calls, email communications and SMS messages. The goal of ePR is to control consents more rigidly for both the content of the communications and the metadata attached to those communications.
Much of ePR will dovetail with GDPR – the fines will be aligned – so getting to the bottom of what's permissible under Legitimate Interests is key, and how to obtain and manage consent across social media and various other media platforms is something businesses need to address as a priority.
Philip Allott, managing director of Allott and Associates, who is both legally and GDPR qualified, believes many businesses have paid scant attention to PECR so far and will be prone to the same near-mass hysteria when the ePR compliance deadline is announced, because this new regulation will be enforced just as rigidly.
He said: "With further legislation planned for later this year, the first of which is likely to be the ePrivacy regulation, I'd advise companies to take it just as seriously as GDPR and to prepare early. We have already helped thousands of businesses become compliant with GDPR and, as this sister legislation cannot be overlooked, we would encourage people to talk to us about the new guidelines. Otherwise, failing to prepare could mean preparing to fail in this case."
No matter how one views regulations issued from Brussels or Westminster, never forget that these rules are designed to enforce citizens' rights to confidentiality and protect them from the nightmare of personal data falling into the wrong hands. Even if their information is in the right hands, the rules give them the power to have their data amended or deleted, usually without argument, if they so desire.