On 25th May 2018 a new European Union legal framework called GDPR (General Data Protection Regulation) will come into effect.
This has been 6 years in the making and is all about online data protection and how our online personal data is stored and handled.
If you live in the EU, you will by now have received several email notifications from companies you deal with asking you to review the information they have on record and give your consent to them contacting you in future.
The UK is about to leave the EU under Brexit but GDPR will still apply to UK businesses and citizens all the same. This is because GDPR has ‘extra territorial’ reach (I’m not sure what that means but it sounds official and I’m guessing they are saying no one is getting off the hook). UK businesses will still need to comply with GDPR after Brexit when dealing with the EU or otherwise because of the laws coming into effect before Brexit happens.
What’s going to happen?
- GDPR is a framework and replaces all existing data protection laws
- Individuals will get better protection and rights
- Data regulation authorities will have greater power to fine companies for mishandling our online data
- It will be easier for companies to operate in the EU
- A new EU data regulator will be created called the European Data Protection Board
How will GDPR work?
The new framework will restrict the way businesses within the EU store, handle and move our personal data. Personal data can be anything from names, addresses, ID photos, bank details to biometric data, sexual orientation and medical information. The step change in law also gives us as individuals better control, rights and consent over how data is collected from us and whether we want it to be erased from a company’s records. It also allows for individuals to access the information held.
If businesses do not comply with the new laws, they can be subject to hefty penalties and fines imposed by the data protection regulators, under much stricter rules than before.
Is there any need to be concerned?
Not at all. These new laws are, if anything, a good thing and a good opportunity to check what information companies have on us and cut off any unwanted marketing or promotional notifications in future.
Why is it happening?
When the Data Protection Act was passed in 1998, it didn’t factor in the amount of online personal data and information the world would eventually be handling in cyberspace today. The laws are also long overdue for an overhaul in 2018.
Will it affect me?
As EU citizens, yes it will. Personal data and even sensitive data can be categorised as anything that can be used to identify an individual.
It’s worth checking the correspondence received from companies asking you to review the consent permissions and opt in/out if necessary. It’s also a good opportunity to have a clear-out of any unwanted notifications or spammy type stuff that also lands in your email inbox. As a separate exercise I regularly go through the unwanted emails and ‘unsubscribe’ where appropriate.
If you run a business and you are subject to existing data protection laws when handling data, then the new GDPR rules will also apply.
The ICO (Information Commissioner’s Office) have set out guidelines for business owners in relation to GDPR on their website here.