If you’ve not heard about the new General Data Protection Regulation (GDPR), where have you been? Putting the power of who has access to your data, back into your hands, the introduction of new rules from the European Union is shaking up the world as we know it. The simple fact is the data you produce is extremely valuable to both businesses (who can gain a competitive advantage through its analysis) and hackers (who can use it for social engineering, or simply sell it on), so ensuring you know where it is and who has access to it can be crucial.
While handing over data means we benefit from everything from free apps to personalised shopping experiences, high profile breaches mean that our data is increasingly under threat. As such, this new legislation, and the recently announced data protection laws in the UK, are seeking to protect the consumer more. In particular, legal systems are now taking steps to ensure that companies are held responsible should they not be seen to making strides to protect our data.
The situation now
At present, businesses do not need to ask for explicit permission to store and use your data – if you give them your email address, for example, there’s nothing stopping them from storing this on their servers and using it for marketing purposes. While many businesses will ask if you wish for your data to be used this way, this isn’t mandatory.
However, it’s more than just marketing that businesses use your data for. They keep track of everything from browsing history to purchases, and sell it on to third parties, too. This can help them predict market trends for business strategy, or can be shared with advertisers to target you with similar products.
The problem arises when you don’t want these businesses to use your data any more. There are few ways, at the moment, for consumers to demand that businesses delete their data. There’s no real benefit to businesses for doing so, either. This is where GDPR comes in.
The GDPR effect
Currently there is a significant lack of knowledge among UK consumers about GDPR, and the rights it grants them – in fact, only 15% are aware of GDPR.
If you’re in the 85% of people unaware of GDPR, here are ways it’s giving you back control over your data:
1. Increased transparency and active consent. With the new legislation, you have a right to transparency over how your data is used. Before businesses can use your data, you will need to give ‘informed’ consent, which could include ticking a check box manually in a form – previously organisations could get this through the provision of a pre-ticked check box. Of course, it’s still important for you to carefully read the terms and conditions you’re agreeing to – it’s always tempting to click without properly reviewing, but doing so means you don’t know what you’re signing up to. The next point should mean these are now easier to understand.
2. The right to be informed. You will have a right to be informed about how businesses are using your personal data, in a concise, transparent, intelligible and accessible way. In the past, businesses may have got away with providing privacy information that was ambiguous or confusing – GDPR makes it clear that they can’t do this anymore.
3. The right to access. You’ll be able to easily access the personal data businesses hold on you. While the Data Protection Act requires that you pay £10 to access your data, GDPR means you will be able to get a copy of this information free. You also need to be given this information quickly – within one month of asking.
4. The right to be forgotten. Under the Data Protection Act, you are only able to get businesses to erase data if it causes unwarranted substantial damage or distress. Under GDPR, there are more reasons you can ask for a deletion of personal data – including the withdrawal of consent.
5. The right to data portability. This means when you request a full overview of the data a business holds on you, it must be presented in a way that could be provided to another company to re-use the data. This means that a print-out on paper, or using an inaccessible form of data such as a difficult to use spreadsheet, is not allowed. It must be easy to understand for all parties involved.
What you could lose
It’s incredibly important that as a consumer, you are given more control over your data – it’s deeply personal and can be used in a variety of ways for marketing and business intelligence. However, this is not to say there aren’t also benefits to be had from businesses storing your data.
How many times have you seen an advert for a sale at a store you like, which you didn’t know about? It’s quite a common occurrence, and only possible because a business has stored information revealing which stores you shop at. Often online stores will also suggest items you may be interested in, based on past purchases. These uses of our data can improve our shopping experiences and make us a more frequent or loyal customer.
So, while GDPR means you are able to demand your data be deleted, you shouldn’t be in a rush to do so. Fundamentally, GDPR is about giving you power over your data, and letting you know what is being done with it. This will help you make decisions about the businesses you share your data with, and improve our relationships with them, safe in the knowledge your data is safe.
To learn more, download our GDPR ebook.