You no doubt have heard reference to ‘GDPR’ over the past few weeks or if you haven’t you will do soon. This is a new law coming into force in May, called The General Data Protection Regulation (GDPR). The significance of GDPR is that it will strengthen your personal data rights, including the way companies handle your data and provides redress of misuse of your data.
Here’s what you need to know:
What is personal data?
Anything that is capable of identifying a living individual, such as your name, address, and date of birth. It would also include other information, which is often collected by companies about you, such as where you went to school, your job, details of what you buy online and even your internet IP address.
The new protections
- Those annoying tick boxes that you have to check if you ‘don’t’ want to receive marketing communications from a company will be a thing of the past. You will now have to tick the box if you ‘do’ want to part of a marketing list.
- You will be given the option to opt out at the time your data is collected and in all future communications.
- Companies will have to tell you specifically what you are signing up for or opting in to – vague or blanket consent is no longer good enough.
- Have you ever applied for a loan online and gone through an automated decision process? You will now have the right to object to this automated decision making.
- There have been countless stories in the press in recent times about large organisations exposing people’s data, usually after being hacked. Under GDPR, if there is a serious breach of your data, you have to be told right away.
- If your data is misused, you will have more opportunities to make a claim and get compensation.
- At present, you typically have to pay £10 to make a subject access request, which allows you to obtain access to your personal data held by a company. Under GDPR, a company will no longer be able to levy a charge for this.