A closer look will reveal that GDPR is far more than just a mailbox-clogger. The regulation, seven years in the making, finally came into effect on 25 May, and is set to bring out significant changes in everything from technology to advertising, and medicine to banking. We look at how these changes are going to impact the lives of Britons.
How does GDPR work?
The purpose of GDPR is to make it possible for consumers to control how companies use their personal details. This means that a company does not have the right to gather or make use of personal data without consent from the individual. Name, email address and phone number are all considered personal data, as well as online browsing behaviour which a website collects using cookies.
GDPR aims to affect big tech guys such as Facebook and Google, but companies of all sectors will see its effects. A case in point being the recent government’s investigation into Cambridge Analytica’s interference in state elections involving electoral mandates. The investigation let to many top executive in the company being relieved of their jobs.
After 25th May 2018, companies who misuse personal data can receive a fine of up to £17 million from the ICO, or 4% of that company’s global annual turnover, whichever amount is higher.
But what about Brexit?
The GDPR applies to all companies that offer a service within the EU, even if it has headquarters elsewhere. According to the government, the General Data Protection Regulation will still apply once the UK leaves the EU.
The UK Data Protection Bill is soon going to include GDPR standards and is currently being processed in parliament. Ministers expect the GDPR enforcement to help companies to prepare for Brexit, as the law in Britain will be in line with the rest of the EU. If the rules were different, it would make trading between European countries harder.
What does it mean for Businesses?
Huge amounts of paperwork. Business groups say companies will have to spend £1.2m each, on average, to meet the complex new requirements.
A report by the Sun showed that many businesses do not currently track their data processing in a way that complies with the new rules. In the event that they have sought consent from customers to collect data, the records are often out of date, or the consents do not meet the GDPR standards.
What is clear that not many businesses have been successfully compliant since 25 May. Multinational companies have been seen scrambling since the last month announcement and introduction of legislature. Nonetheless for companies that demonstrate intent, with significant signs of appropriate planning, there will be considerable leeway till a future deadline is established.
How will GDPR affect online users?
There are a host of new requirements rolled into the GDPR. Users also have the “right to be forgotten,” allowing them to demand that companies remove certain personal information from the internet, and the right to opt out of sensitive data collection. Some cases where the “right to be forgotten” applies, are:
- Information that isn’t relevant anymore
- If an individual no longer consents to the use of their personal data.
- An individual who does not allow firms to use their data for marketing
- In a case where a firm processed the data improperly
- If legally the data needs to be removed
- Data of a child that was exchanged for “information society services”
- If your claim is legitimate, the firm must remove your data, unless it goes against their legal obligations or other rights that allow them to use this information.
Research carried out by the government, showed that not many firms were aware of the General Data Protection Regulation. At the beginning of 2018, only 38% of businesses and 44% of charities had heard of the GDPR. These figures indicate that enforcement of the law is very much necessary.
On the other hand, online users can look forward to having more control over their personal data. In the last month, tens of thousands have already taken advantage of this opportunity to protect their privacy.