Understanding GDPR

You may well have heard about GDPR, or the General Data Protection Regulation, in the news recently, and it is very important to know exactly what it entails. The aim is to stop big firms, like Facebook and other social media giants, abusing the data given to them by individuals in exchange for the free services they offer. It also aims to unify regulations across the whole European Union, which the EU believes will collectively save companies operating across member states around £2.3 billion annually.

The GDPR regulations will come into force on the 25th May 2018, and companies that hold data will certainly need to run a tighter ship to avoid falling foul of the new rules. Anyone who controls and processes data must ensure that individuals have taken an affirmative action to allow their data to be collected by the firm. Not only that, but controllers must keep a record of how and when individuals gave their consent for the firm to store their data.

If you are on the other side of the fence, it means that you can request to see what data companies have on you, how long they have kept it stored and who they have shared that data with. At any point, you can request that firms delete your data, and there must be complete transparency about all of your online data.

 

If a firm suffers a data breach that risks people’s rights and freedoms, it must inform its data protection authority within 72 hours of the organisation becoming aware of it. It must also notify all individuals who are affected by the breach, and failure to do either of these could see some big fines handed out. Failure to meet the deadline could see fines of up to €10 million or 2% of the firm's annual worldwide revenue, whichever is higher.

With the penalties potentially incredibly high for any firms that slip up, some firms are taking drastic steps to avoid falling foul of the regulations. The nationwide pub chain JD Wetherspoon have deleted all of the data they held on customers and no longer promote special events and offers via email, instead preferring to use social media.

With the fines so hefty, we may see other firms follow suit, and it will be interesting to see what the fallout will be when the regulations come into force.