The General Data Protection Regulation (GDPR) is the biggest change to UK privacy law in 20 years. It is a legal framework that sets guidelines for the collection and processing of your personal information within the European Union. It comes into force on the 25th May 2018. The law aims to give citizens more control over their data and to create a uniformity of rules to enforce across the continent.
Thanks to technological advances, the amount of data being generated is rapidly increasing – every time you shop online, use an app, or use social media you generate information about yourself, sometimes called a digital footprint. It has been clear for some time that data laws needed to be changed and brought up to date.
The GDPR provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
GDPR is about giving you more control over how your personal data is used. You will have greater visibility and control over the personal data that organisations hold about you. This means that you can have greater confidence that the information about you is accurate, up to date and properly managed.
Organisations need to have your permission or a legitimate reason to contact you. You get to choose who contacts you and how, e.g. by e-mail, post, social media or phone.
You can change your mind at any time. If you give an organisation permission to contact you for marketing purposes (i.e. about offers, products or services they think that you will find interesting), you can change your mind and withdraw your consent at any time without giving a reason.
Your data will be better protected. GDPR also aims to make sure that all organisations holding personal data have the right processes in place to protect it. There are significant penalties for companies that fail to look after your personal information properly.
The Information Commissioner’s Office (ICO) is the Supervisory Authority and is responsible for enforcing the GDPR.
For more information on the GDPR see the ICO’s website: https://ico.org.uk