On 25 May 2018 the member states of the European Union – including the UK – will face the biggest shake-up of data privacy law in 20 years. Read on to find out how it will affect you…
Thanks to technological advances, the amount of personal data being generated is growing rapidly – every time you shop online, use your favourite app or ‘like’ a photo on Facebook you generate data. The existing data protection law predates social media and is out of date, which is why it needs replacing to better protect people’s personal data. Under the General Data Protection Regulation (GDPR), every company must review how it handles personal data – from customer email addresses to employee bank details.
After four years of preparation and debate, the GDPR was finally approved by the European Parliament on 14 April 2016. It becomes enforceable on 25 May 2018, from which date any organisation that is non-compliant may face fines of up to €20 million or 4% of annual global turnover, whichever is higher.
What is ‘personal data’?
It can be anything from a name, a photo, an email address, bank details, posts on social networking websites or medical information to a computer’s IP address. In short, it is any information relating to a natural person (the ‘data subject’) that can be used, directly or indirectly, to identify that person.
Parental consent will be required to process the personal data of children under the age of 16 for online services; member states may legislate for a lower age of consent, but this will not be below the age of 13.
How exactly does GDPR involve you?
- Every person living in the EU will have more control over their personal data.
- GDPR is all about giving you more control over how your personal data is used. You’ll have greater visibility of, and control over, the personal data that organisations hold about you – whether it’s something as simple as your name or as sensitive as medical information.
- Over the coming months you’ll probably notice a lot of organisations asking for your consent, so that they can contact you about offers, products or services they think you’ll find useful or interesting. To comply with GDPR, these requests need to be really clear and straightforward. You get to choose who contacts you and how, for example by email, social media or phone.
- Giving an organisation permission to contact you doesn’t mean you can’t change your mind later. Under the new rules, it should be easier to update your preferences about what you want to receive and how.
- GDPR should ensure that your data will be better protected. Organisations that put their customers’ data at risk will face hefty penalties.
GDPR and Brexit
With the UK gearing up to leave the EU, you could be forgiven for thinking that UK companies might resist complying. However, any company in the UK that sells goods or services to people in other EU countries will have to comply with the GDPR, whether or not the UK retains the GDPR after Brexit, because the regulation applies to anyone offering goods or services to individuals in the EU regardless of where the company is based. If a company’s commercial activity is limited to the UK, the position on post-Brexit compliance is not yet clear.
The European Parliament notes: “The UK Government has indicated it will implement equivalent or alternative legal mechanisms. Our expectation is that any such legislation will largely follow the GDPR, given the support previously provided to the GDPR by the ICO and UK Government as an effective privacy standard, together with the fact that the GDPR provides a clear baseline against which UK business can seek continued access to the EU digital market.”
Watch this space…
If you found this blog post interesting or useful, please share it on your favourite social media channel, and please feel free to leave a comment below – I’d love to hear from you! Don’t want to miss out on future articles? You can sign up to be a member here.