The Data Protection Act is being replaced by a new data protection law, which comes into force across the European Union (EU) in May 2018. This new law fundamentally changes the way personal data can be handled and is known as the General Data Protection Regulations (GDPR). So, how will it impact consumers?
Basically, the new GDPR is designed to increase consumer rights over the way their personal data is collected, maintained and shared. Personal data refers to ‘anything, from a name, a home address, a photo, an email address, bank details, medical information or a computers IP address’.
At present, the onus is on the consumer to opt out. This may involve ‘unticking a box’ or
stating clearly you do not wish your data to be collected and used. If you forget to do this, you are deemed to have given permission.
Under the new regulation, the onus is on the data collector to get your express permission to gather your personal data and provide total transparency as to how it will be used. This means, as a consumer, you will either be asked directly or via a tickbox, if your data can be collected and used.
Companies will need to demonstrate they have gained your consent, and you will be able to
challenge how and why you’ve been opted in to communications. There will be tough
penalties for data abuse, and any company not complying with the new GDPR could potentially face fines of up to 4% of their annual turnover.
In plain speak, it means privacy notices will be more transparent, consumer rights will be
upheld and publicised, and news about data breaches will travel faster. Overall, this will
create a uniformity of rules across the EU and improve the customer experience.
If you are unsure of your rights and would like to discuss the implications, please get in touch.