Unless you’ve been hibernating, you’re likely to have heard of GDPR, or the General Data Protection Regulation. The data protection act itself isn’t new, but the data protection changes being implemented this year mean businesses will have to alter how they obtain and store personal data.
So, what is GDPR?
GDPR is a regulation that protects the data of all individuals within the European Union.
The quantity of data we now store, along with advancing technology, means the old rules simply aren’t fit for purpose any more. The new laws have been designed to give greater protection to individuals.
Why is it hitting the headlines?
The deadline for compliance with the General Data Protection Regulation (GDPR) is scheduled for 25th May 2018. With the UK shifting from rules implemented in 1998, this is the biggest change to data protection laws in the last two decades.
Businesses and organisations will have a legal duty to ensure that all stored personal data and all interaction with customers are fully compliant with the new legislation, or risk being fined.
In the UK, the laws are enforced by the Information Commissioner’s Office (ICO).
What’s classified as personal data?
Any information that can be used to either directly or indirectly identify someone is personal data.
That includes a person’s name, address and IP address. There is also a further category, which GDPR calls sensitive data: it covers religious beliefs, political opinions, racial information and sexual orientation.
Personal data is information actively provided by an individual, as well as all the data generated by their activity.
How does it affect me?
There are a number of changes being put in place, and most of them involve consent. Businesses will need to consider whether they have consent from an individual to communicate with them about new products. Is that communication of legitimate interest?
People also now have new rights to access the information companies keep about them. The GDPR guidelines list examples such as a streaming service user being able to retrieve a history of all the music they’ve ever listened to.
Plus, there’s a new regime of fines. Regulators can penalise businesses for a number of reasons, including failure to process data in the correct way, security breaches, or the lack of a Data Protection Officer where one is required.
Customers will also be able to opt out of future communications, and businesses that don’t provide this may be investigated by the ICO.
Where can I find out more?
To help businesses prepare for all these changes and the start of GDPR, the ICO has created an easy-to-follow 12-step guide, which you can find here.
Businesses complying properly with the current law won’t have many changes to make, as the main concepts and principles are the same. However, there are a few significant changes that are worth noting.
The helpful checklist includes some new information on data breaches and procedures regarding individuals’ rights.