For the past twelve months GDPR has occupied a large portion of our time, whether that was making sure TipTop Media is compliant with the new legislation, developing templates to help our clients and others achieve compliance, or writing blog posts on pertinent topics (our thoughts ranged from the impact of GDPR on cyber security and protecting sensitive data to getting your website ready, and more). With businesses potentially facing large fines for failing to comply with the new regulation, the emphasis to date has been very much on the impact of GDPR on businesses. For once, we wanted to look at GDPR from a personal point of view, and at what changes we, as users, can expect to see.
The first step in understanding the impact GDPR will have on you personally is to understand just what constitutes personal data in this day and age. This could be anything from the traditional name, address and date of birth, to photographs, gender, health conditions, race, ethnicity and religious beliefs. While, under the new legislation, companies are allowed to store historical data, there now also exists a ‘right to be forgotten’, which means that if you feel an organisation is retaining your personal information and it is no longer relevant for them to do so, you can ask them to delete it. If you’re not sure what personal information is currently held by a company or organisation, you can now make a Subject Access Request, or SAR. The company you submit this to will then have 30 days to respond and show you the data that they have stored. You can then either request that they delete it all or rest assured that you are happy with the data they have collected from you.
With just over three weeks to go, we’re sure you will have noticed emails dropping into your inbox saying that a company’s terms and conditions are changing and asking you to opt back in. This is a direct result of the clause within GDPR stating that consent must be explicit, and that users must actively agree to share their data. This could be done as above, when a company asks you to opt back in, or it could be done through a double opt-in, when you opt in once through a tick box, and a second time by clicking on a link sent to you by email. Either way, the introduction of explicit consent presents us with the perfect opportunity to own our data, sharing only what we want to share. Perhaps the best example of how GDPR will benefit us all on a personal level is to look at the recent Facebook and Cambridge Analytica scandal. With Facebook admitting that as many as 87 million people had their data improperly shared, it is interesting to know that the regulations within GDPR would have prevented this from happening.
If your business is still working on achieving compliance ahead of the 25th May deadline, have a look at our GDPR Compliance page to see how we could help, or alternatively drop us an email to firstname.lastname@example.org with GDPR in the subject line.