The focus of GDPR on compliance and sanctions are not as crucial as trust, according to the Belgian Secretary of State for Social fraud, Privacy and the North Sea.
Speaking at the ISSE 2017 conference in Brussels, just a few days after he became a member of the Federal Government of Belgium responsible for the implementation of GDPR, Philippe de Backer said that new products and services are coming online every day and people want to enjoy using them “and sometimes pay with their own personal data.” He said that privacy and security becomes more important in a digital economy, particularly if a company wants to install trust in a user: he said that trust between the user and provider should be one of the most crucial elements over the next couple of years.
“The concept of privacy is also changing here, where it was previously seen as a fundamental human right, it is also enshrined in the UN Declaration of Human Rights but also in the European Charter. Privacy is one of the main fundamental human rights,” de Backer added.
“But the cost of privacy has also enlarged and evolved into data protection, and it also has to deal with security of personal data against the improper use of data by third parties.”
De Backer acknowledged the challenge for businesses in keeping data secure whilst also wanting to work with third parties, and that was the new balance and the reason for the EU to go ahead with GDPR “to try and create this level playing field and standard of rules across the different members states and the same rights for data subjects, and the same sanction mechanism”.
He said that this was one of the missing pieces from the past, and the essential parts of the GDPR are: the protection of individual rights and enabling the free movement of data. He argued that often the focus is on compliance, sanctions and the new rules, but trust will also be crucial.
As part of the government’s efforts to be GDPR compliant, new frameworks and data protection laws were being put in place.
“For me the GDPR is a business opportunity, we have a lot of data centers and international activity here in Belgium and the data protection authority really puts some clarity and guidelines on how they see the implementation of GDPR and what the standards are that they want companies and public sectors to live up to,” he said.
“So for me it is a business opportunity to manage, know and secure your own data, but also to install your own trust so it is a process every company should go through as we are trying to create a level playing field between the private and the public sectors.”