As you are probably already aware from the vast numbers of emails that you are likely to have received from companies on the subject, on 25th May 2018, the new General Data Protection Regulations (GDPR) will be coming into effect. The GDPR will place new legal obligations on companies who hold customers’ personal and sensitive data.
It will apply to processing carried out by organisations operating within the EU, and organisations outside the EU that offer goods or services to individuals within the EU.
What Are the GDPR Principles?
- Companies will have to tell you explicitly what data they hold on you, how they will be using your data and who they will be sharing it with.
- Data must be held securely.
- Any data held on you by a company can only be used for the purpose for which you gave it to them.
- All data held on you must be kept accurate and up-to-date at all times.
- Companies will not be allowed to collect ‘excessive data’. This means they will not be able to hold any data that is not relevant to the reason they are holding it.
- Companies will not be allowed to hold data any longer than is necessary for the purpose for which they are holding it.
What Are the Positives of GDPR For You?
- Above everything else, the personal and sensitive data you give out will now have to be kept much more securely, meaning there should be less of a risk of it being stolen or used inappropriately.
- You can have more confidence in the fact that any data held about you will be accurate and up-to-date.
- You have the right ‘to be forgotten’. This means that you can request that a company delete any data of yours they are currently holding if you no longer want them to have it.
- You have the right to request from any company the data they hold on you. They must provide you with this data within one month.
- Companies will no longer be able to send you any marketing emails, texts or phone calls unless you have specifically ‘opted in’ to this. This should certainly reduce the amount of junk mail that we all continually receive at present.
What Are the Negatives of GDPR For You?
Although GDPR will mostly have a positive effect on the consumer, there may be a couple of negative effects that are worth pointing out.
- There could be some confusion when the regulations are first implemented. For example, when you purchase a product online, you will usually be asked to tick a box if you don’t want to be contacted for marketing purposes; otherwise you will be added automatically. Now, they will ask you to tick the box if you want to be contacted. Small changes along these lines will force people to think differently, which may take some getting used to at the beginning.
- For large organisations, implementing these regulations may be very costly. They may have to update software and hardware systems, hire GDPR consultants to organise the process, hire new staff, pay for new encryption services… and much more. These additional costs may prompt companies to increase the prices of their goods or services to cover their increased outgoings, directly affecting the customer.
- Although GDPR will ultimately make data more secure in the future, years without this sort of regulation have already led to billions of people’s data being passed on and sold to unauthorised parties. Because of this, scams and identity theft won’t just automatically come to a halt.
On balance, the introduction of the GDPR should be a positive step forward in relation to data security and improved privacy for individuals. However, it will be interesting to monitor the impact of the regulations in practice over the coming months as companies adjust to the new requirements.