Cable Forum - View Single Post

jonbxx · 20-03-2018, 09:49

The UK data protection and rights as it stands is incredibly lax compared to other countries in Europe. I have German and Belgian colleagues and the hoops that need to be jumped through are much harder than here in the UK.

In Germany, any employee data collected has to have a reason as to why this data is collected and what it will be used for. For example, if you wanted to measure a call centre performance but not measure individual performance, very strict measures must be taken to anonymise the data so there is no way of tracking back how many calls each individual has taken. If individuals data is captured, the reasons for this data capture is run by the company works council (union) representatives before it can be done.

In Belgium, we had big issues as a number of my companies data servers are based in the US. Our US data servers had to be audited by the Belgian government before this was allowed under Belgian law.

Interestingly, for most personal data, the US isn't very stringent on data protection. The one case I know where there is an exception to this is hospital patient data. This is covered by the Health Insurance Portability and Accountability Act (HIPAA) which is incredibly stringent. Offshoring US patient data is very, very difficult.

GPDR is trying to put a 'one size fits all' approach to data protection which is an admirable aim I suppose. I understand it can be a pain to small businesses to set up compliance and did have the thought if there could be exemptions but then realised what about small law firms, insurance brokers, financial advisors, etc.

20-03-2018, 09:49	#1211
jonbxx cf.mega poster Join Date: Jan 2004 Location: #Plagueisland Age: 53 Services: VM VIP Pack Posts: 1,668	Re: Government & Post Election Discussion The UK data protection and rights as it stands is incredibly lax compared to other countries in Europe. I have German and Belgian colleagues and the hoops that need to be jumped through are much harder than here in the UK. In Germany, any employee data collected has to have a reason as to why this data is collected and what it will be used for. For example, if you wanted to measure a call centre performance but not measure individual performance, very strict measures must be taken to anonymise the data so there is no way of tracking back how many calls each individual has taken. If individuals data is captured, the reasons for this data capture is run by the company works council (union) representatives before it can be done. In Belgium, we had big issues as a number of my companies data servers are based in the US. Our US data servers had to be audited by the Belgian government before this was allowed under Belgian law. Interestingly, for most personal data, the US isn't very stringent on data protection. The one case I know where there is an exception to this is hospital patient data. This is covered by the Health Insurance Portability and Accountability Act (HIPAA) which is incredibly stringent. Offshoring US patient data is very, very difficult. GPDR is trying to put a 'one size fits all' approach to data protection which is an admirable aim I suppose. I understand it can be a pain to small businesses to set up compliance and did have the thought if there could be exemptions but then realised what about small law firms, insurance brokers, financial advisors, etc.