The biggest overhaul of Personal Data Privacy Regulation comes into effect.
The General Data Protection Regulation is the biggest renewal and revamp by the EU of the current Data Protection Act and the most important change in Data Privacy in 20 years.
The new EU GDPR has been designed to harmonise data privacy laws across Europe, to empower all EU citizens and to reshape the way organisations obtain, store, process and share information. Strict rules mean companies will not be allowed to collect and use personal information without the consumer’s consent.
GDPR puts emphasis on clear consent and specifically bans pre-ticked, opt-in boxes, providing greater transparency in giving consent. It also states that consent must be unambiguous and not a pre-condition of signing up to a service. This is why you will most certainly start receiving contact from companies you regularly use or shop with, asking for further consent for re-marketing purposes.
This ensures genuine consent has been freely given and puts consumers in control of how the data is used. It also gives you, the consumer, an option to opt out and request any personal data a company holds on you.
Why is this so Important?
Up until now, companies have been able to hold your data, store it for as long as they like and share it with other companies. For example, Facebook has a record on its site of every Like and click you make. They use this data to categorise people by class, political allegiance and spending power. Is this an unfair advantage? GDPR aims to tip the balance between business interests and consumers’ interests and give the power back to the individual.
Good Practice is now Mandatory!
GDPR also now includes Special Category Data. Special Category Data is personal data which the GDPR says is more sensitive and needs more protection. In order for companies to hold Special Category Data they need to prove a lawful reason to do so.
Special Category Data Includes the following information:
- Trade Union Membership
This type of data could create significant risks to a person’s rights and freedoms by putting them at risk of unlawful discrimination.
The new EU GDPR includes 8 rights for individuals that every company, organisation, government body and social media site must now comply with.
These Individual Rights Explained.
- The Right To Be Informed – Here you have the right to be given information about how your data is being used and why.
- The Right Of Access – You have the right to access the personal data anyone holds on you. However, you may be charged a ‘reasonable fee’ per GDPR guidelines.
- The Right To Rectification – You are entitled to have your details rectified if they are inaccurate or incomplete.
- The Right To Erase – This enables you to request the deletion or removal of personal data where there is no compelling reason to keep it.
- The Right To Restrict Processing – Individuals have the right to ‘Block’ or suppress processing of personal data.
- The Right To Data Portability – As an individual, you have the right to move your data from one company to another if there is a lawful reason to do so.
- The Right To Object – You can object to companies processing your data in order to identify and profile you for direct marketing, scientific, historical, research and public interest use.
- Rights In Relation To Automated Decision Making And Profiling – This is the right to object to a decision being made solely by automated means without any human involvement; no individual should be subject to a legal or detrimental effect.
This is the biggest shake-up of Data Protection in 20 Years and, although only enforceable in the EU, it will be felt all over the business world. Punishing fines for data misuse and breaches can reach 20 million Euro or 4 percent of global annual turnover, whichever is higher. With so much at stake, this will have a dramatic effect on businesses, which now have to put you, the consumer, first when it comes to your personal information.
Here at Praetorian Legal, we have engaged all members of staff in a half-day training seminar, led by a regulatory barrister, who will be working with us going forward, to ensure that the principles of GDPR are implemented and so this can reflect on the service we offer to our clients.