Let’s revisit a bit of legislation.
In the UK, the government has announced plans to change the data protection and privacy laws, in a move away from GDPR to a distinct UK set of laws. Specifics have not been announced, and the next step is consultation in September before exploring potential laws. The intention is to adopt a “Common sense” approach that allows the UK to establish data partnerships with the US and other nations, which drew a warning from Brussels.
While we’re talking legislation, Protocol has a piece digging into multiple moves at the state and local level on tech related legislation. The theme – action is happening much more swiftly at this level. All 50 states have some level of cybersecurity breach notification laws, and three now have privacy laws, with more looking into it.
Why do we care?
GDPR and its’ rollout was a big big deal for Europe, and any technology company from the US doing business there. Now, there will be another set of British laws to contend with. Interestingly, this mirrors the US pattern of laws being implemented at the state level.
And with all of this, you get more complexity. Sure, that’s good from a consulting perspective. I’m less sure it’s good from a consumer or user perspective. Helping users navigate is the reason IT services care. I continue to ask – how robust is your process for managing this change and complexity?