General Data Protection Regulations (GDPR).
What is GDPR?
GDPR is an overhaul of the old Data Protection Act. It places new regulations on businesses to ensure that you know how they use your data and what data they have, and it provides you with new rights and controls over your personal data – 'YOU OWN YOUR OWN DATA'.
GDPR will apply in the UK from 25 May 2018 and the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of GDPR.
What can it do for me?
There is a range of new sweeping rights for you as a customer:
- The right to be informed – you have to be told why a company wants your data.
- The right of access – you can ask what data a company holds on you.
- The right to rectification – you can correct any data they have which is wrong.
- The right to erasure – you can have all your data, aside from that which the company has to retain for legal reasons, removed from the company’s files.
There are further rights covering your control over data usage, the right to transfer it to another company, the right to challenge the use of data by a company and to control how your data is used in decision making or personal profiling.
Under GDPR, you have new rights regarding the loss of your data. A personal data breach is more than just losing personal data. For example, a hospital could be responsible for a personal data breach if a patient’s health record is inappropriately accessed due to a lack of appropriate internal procedures and security controls. A serious breach could impact your digital profile and, if you were disadvantaged, you could request rectification and/or compensation.
What are the risks?
It is difficult to see any downside risk to you personally, but if you own a company or use other people’s data, you need to make sure you comply with the new regulations. Business owners can get more detail on how GDPR can affect you and your business at https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/