Now we have GDPR in hand (or not) … get ready for new e-privacy regulations

The much-publicised General Data Protection Regulation (GDPR) has now been in force for nearly six months. The regulation gives individuals a greater level of control over their personal data, both online and offline, as organisations must now obtain consent for the use, sharing and storage of such information or be able to demonstrate a legal basis for holding and processing information within the rules. However, it is not the only new privacy regulation becoming part of EU law, with new rules on electronic communications following hot on its heels.

Those thinking that all of the data protection hurdles were duly jumped back in May and that it is time to settle into business as usual may need to think again. During the preparation for the implementation of GDPR it was clearly established that digital ‘identifiers’ such as email addresses and IP addresses were captured under the new regulations and should be covered by a firm’s plans.
You may have more to do

Many mistakenly believe that they have therefore done all they need to do in respect of protecting electronic data. However the upcoming e-privacy regulations will bring with them an additional requirement around the right to confidentiality and data privacy on all electronic communications. This includes emails, texts, the internet, WhatsApp, Skype, online messaging, VoIP, the Internet of Things (IoT), apps, online advertising networks and telecommunications.

Sometimes known as the cookie law, as it is the law that governs the use of cookies on websites, the regulation will introduce new rules for direct marketing communications content and communications metadata used in website audience measurement that will mean that organisations must ensure the confidentiality of all electronic communications and prevent surveillance from third parties. Again, we will all have updated our website notices to include reference to the use of cookies. It remains to be seen what additional requirements concerning cookies may be in the new regulations.

The new e-privacy regulation will replace the existing Privacy and Electronic Communications (EC Directive) Regulations 2003 and is expected to come into force during 2019, with the European Data Protection Board, calling for swift implementation.

Although there is some overlap, the key difference between e-privacy and GDPR is that GDPR covers the handling of personal data in all forms, while the e-Privacy regulation covers online communications more specifically.

e-privacy will likely require additional compliance, and like GDPR, e-privacy regulations will involve heavy fines.
Contact us for a review of your data protection position

The message is clear – if you are breathing a sigh of relief and hoping that the imperative to take action around data protection came and went with the 25th May launch date – then you need to think again. Even having everything lined up for GDPR is no guarantee that you will be covered for the new e-privacy regulations.

Sign up to receive updates from Legal Eye on the new regulations and other relevant risk and compliance issues below. You can unsubscribe at any time.