Knowing the Basics of GDPR
The 25th May 2018 is coming around fast. In case you aren’t already aware, this is the date that will provoke a big change for companies across the UK. Affecting how they handle and use personal information.
What is GDPR?
After four years of preparation and plenty of debates, GDPR was finally approved on the 14th April 2016 by the EU Parliament – which will be enforced from the 25th May 2018.
The EU General Data Protection Regulation (GDPR) will replace the Data Protection Directive 95/46/EC.
The new regulation will bring the EU up-to-date with the new, previously unknown ways that data is being used today. People will have more control over how businesses use their data, and non-compliance or breaches could result in hefty fines.
What’s Provoked a Change?
The purpose is to give people a say with how their personal data is used.
It’s common that people are completely unaware about who will have access to their information and what it can be used for. For example, companies like Google and Facebook will provide personal profile data to companies when customers log into a third-party site using a Facebook or google log in feature.
Our current legislation has been in place before the development of the internet and cloud technology, and as I’m sure you’re aware, the rise of Social Media has also played a huge part in the push for greater data protection.
GDPR seeks to prevent data exploitation, and to create trust in the digital economy.
What is Personal Data?
The definition of personal data isn’t as refined as you may think. Obviously, there’s the basics. Like demographic, marital status and telephone numbers; but the list of what is classed as personal data is almost exhaustive.
Cyber Counsel are working hard to create a full list of Personal Data Types (and they’re welcome to suggestions to add to their list). I’d recommend clueing up and heading over to Cyber Counsel’s list here, it’s certainly insightful and will aid your preparation for the 25th May.
It’s worth mentioning that anything counted as personal data under the Data Protection Act is also included in the new GDPR’s definition of personal data.
What Happens After Brexit?
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public.” – Kate Bradley, secretary of state for Culture, Media and Sport.
The UK hasn’t left the EU, yet, so for the time being the UK must comply. Anyway, the new Data Protection Bill, proposed in August 2017, has pretty much the same requirements as GDPR.
The Bill, so far, hasn’t been passed, but once it has it will help us to understand the regulations for protecting data after the UK is no longer a part of the EU. (Think of it as British version of GDPR with a different name). It’ll be worth while checking out the new Data Protection Bill, the more you understand about what could affect your business the better.
What is the ‘Right to be Forgotten’?
We have the right to insist our data is deleted if it’s no longer needed for the purpose for which is was collected – hence, the ‘right to be forgotten’. So, if you own a business, you can’t keep your previous client’s data on hand if they request otherwise.
You, as the business owner (or whoever the job is allocated to) must alert other organisations to delete any copies they may have of the data, as well as any additional copies they may hold themselves.
The Bottom Line
There’s no point burying your head in the sand, GDPR isn’t something that can be ignored. The new GDPR can be a lot to take in, and it’s bound to have a big impact on a lot of businesses.
During this post, I’ve focused primarily on the basics of GDPR, but I will soon be focusing on how GDPR could impact your business and how you can prepare ahead of the 25th May. Keep your eyes peeled!
About the author:
Marie Harwood is a Digital Marketing Assistant at Different Gravy Digital, Hale, Cheshire.
Different Gravy Digital are a full service Digital Marketing Agency operating in the Hospitality & Leisure, Financial Services, Legal & Property sectors. Products and services range from; 3D & 360° Tours, Website Design & Build, Social Media, Video Production, Search Engine Optimisation (SEO), Content Creation, Email Marketing, Online Feedback / Review Systems and Paid Advertising (Google, Bing and Social Media).
0161 706 0004
120a Ashley Road, Hale, Altrincham, Cheshire, WA14 2UN