In a previous blog, I talked about our concerns regarding data privacy and security. I mentioned new legislation coming soon which will address a lot of these concerns. So, what is this legislation and what does it mean for us and the security of our data?
General Data Protection Regulation (GDPR) is the new legislation which will take effect on the 25th May 2018. GDPR is a set of guidelines which follows on from the current Data Protection Act. Consumers now have more say in how companies and organisations use their personal data and these companies and organisations must make sure they take care of this data.
The GDPR will apply to all businesses based in the EU and any organisations doing business with the EU will also have to comply with the regulations if they collect any personal data from EU citizens. The new regulations will be much tougher and failing to comply will result in companies being fined. It has been created to help improve trust within the vastly growing digital economy.
Some key facts:
1. Pre-ticked boxes and having to actively “opt out” will no longer comply with regulations. Instead, there will be a new “opt in” process and users will have to actively tick a box to sign up for marketing communications. Further email confirmation will also be required.
2. We now have the ‘right to be forgotten’. Any data collected must be erased completely at the consumers request – this includes copies of the data held by other organisations. There are of course exceptions if the organisation has a legitimate reason to have this data to conduct its business – for example law enforcement.
3. We can request access to our data free of charge. An organisation will have 40 days to complete a request and disclose the information.
4. Parental consent will be required to process the personal data of children under the age of 16 for online services.
5. ‘Personal data’ includes IP addresses, bank details, social media profiles, social media posts, photos, emails, home addresses, telephone numbers and medical details.
This new legislation is designed to benefit and protect citizens, and while some older companies may struggle to comply with GDPR, new citizen focused companies will use it as a benefit rather than a burden.