13th March '18
After years of preparation and debate, the European Union passed the General Data Protection Regulation (GDPR) in April 2016. Despite the UK’s decision to leave the EU, GDPR is one of the many regulations that we will continue to enforce. As of the 25th May 2018, new data handling rules will apply.
In a nutshell, GDPR is an updated version of the Data Protection Act 1998. The core principles remain the same, so most businesses should already be largely compliant. That being said, many things have changed over the last 20 years, but the laws that protect our personal data haven’t changed with them. Until now…
For many individuals, personal data has been shared far and wide, mainly as a result of technology. There have been laws that protect our data, but it has become too easy in recent years to abuse our information.
Do you know which businesses have access to your personal information? The answer is likely no. But that is about to change.
For consumers, GDPR is going to be a great thing. Your personal information should be personal again and you will have control of it.
For example, if you buy something online there shouldn’t be any confusing marketing questions. Sign-up forms and requests to use your data need to be crystal clear. No longer will you see preselected tick boxes. Ideally, you will be taken to a different page and asked if you would like to opt in to any marketing. And that is the important bit: opting in.
As an individual, you will also have the right to request access to your data. After the 25th May 2018, you can ask to see what data a business stores on you. That business must be able to fulfil this request quickly, easily and free of charge. And if they can’t, then they can expect an investigation or possible fine.
And here’s the good bit. If you aren’t happy with the data they have, you can request for it to be corrected or destroyed. No ifs and buts. It has to be deleted* and never used again. The power is in your hands.
As a business, you will need to be transparent and cooperate with the regulations, or face hefty fines. If you haven’t already started to consider the impact of GDPR, then you should do it now.
If you are a business that processes personal data and shares it with other companies, then you will likely have a big task. If you haven’t already, we would advise speaking to a GDPR specialist. They will be able to support you throughout the process.
If you are a small business with minimal amounts of data, things might be a little simpler. However, you must make sure you have got the correct processes and policies in place to adhere to the new rules. There are lots of great websites offering advice and support, such as The GDPR Checklist.
Firstly, figure out what personal data you hold. You will soon be able to see the potential impact of GDPR. Whatever you do, do not ignore it. If you have any concerns or questions you could always speak to us and we will do our best to point you in the right direction.
Whilst the initial thought of GDPR might be daunting, it is a positive thing. Times have changed, and the way we use personal data needs to improve. Customers will approve if you adhere to the new rules and don’t abuse their personal information. So don’t delay. Take action today and ensure you are GDPR compliant by the 25th May 2018.
Remember, even if someone is an existing client or customer, you will need their consent. If you don’t have it by the deadline then you won’t be able to process their data, and that includes deleting it. In that situation, it will be illegal for you to hold it, or get rid of it: a real Catch-22.
*The only exception is transaction data. This has to be held for a minimum time period.