If an individual were asked to list the personal information a former employer, their dentist or their mobile phone provider has about them, would they feel confident they could answer comprehensively?
Imagine an individual discovers their phone details were being legally shared with other organisations, without their knowledge. The lack of transparency may make them feel uncomfortable, and feel that their privacy may have been breached. It may mean they lose confidence and trust in organisations they believed were keeping their personal information secure.
The General Data Protection Regulation (GDPR) is a Europe-wide privacy regulation which will replace the outdated UK Data Protection Act 1998. At their very heart, the new rules look to strengthen a person’s rights to know, and control, what happens with their data. From the 25th of May, the individual is made the custodian of their own data.
GDPR covers data which can be used to identify a person. This regulation also extends to special categories of data, such as genetic data or biometric data, which, when processed, can be used to identify individuals.
GDPR, Individuals and Automated Decisions
Individuals have the right not to be subjected to a decision when it is based on automated processing and produces a legal or similarly significant effect on the individual.
Recent high-profile data breaches, such as the Cambridge Analytica-Facebook incident, have brought the subject of personal data into the limelight. In the UK, the GDPR grants greater powers to the Information Commissioner’s Office (ICO), giving it the authority to levy much higher fines on organisations found non-compliant with the new legislation. The key to this regulation is the extent to which the ICO enforces the rules. This question has been the centre of much debate in the industry, with the CEO of IAB Europe, Townsend Feehan, stating at Dmexco, a digital marketing conference:
“we think because they [regulators] don’t have more staff to deal fairly [with each case], they will [target] symbolic cases, and some of that enforcement may be arbitrary and unfair.”
Elizabeth Denham, UK Information Commissioner with the ICO and, according to DataIQ 100, the most influential leader in the data-driven business, has a tough task at hand. However, she has sent a strong message that the 25th of May deadline is fixed in stone, by emphatically stating:
“there will be no ‘grace’ period – there has been two years to prepare and we will be regulating from this date.”
GDPR’s impact is not confined to Europe, as virtually any company that has a web presence and markets its products over the web will have some homework to do. This is due to Article 3 of the legislation, which reads:
“If you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements of GDPR.”
This is further emphasised by a PwC survey highlighting how GDPR compliance is a top priority for companies on their data-privacy and security agenda in 2017.
Full Inboxes, Positive Consent, and GDPR
Companies have become panic-stricken and have started sending out a plethora of emails asking their consumers for ‘consent’ to continue emailing offers and marketing messages. Many organisations are concerned, as they stand to lose large swathes of customer contacts that have been built up over the years. Interestingly, however, Virgin Holidays has taken a relaxed approach and accepted this as an inevitability. They have taken the view that it is more important to acquire new customers in a GDPR-compliant way than to try to retain those that have low brand loyalty. One thing is for sure: inboxes are getting flooded with frantic emails as the GDPR deadline approaches this Friday, and many individuals are looking forward to the dawn of a new era in data security and usage.