The General Data Protection Regulation, or GDPR for short, is a major new European privacy law that went into effect on May 25. GDPR will radically reframe our relationship with the organisations that store and process our data. From Amazon to the UK National Health Service (NHS), organisations around the world are desperately racing to ensure compliance, even after the deadline.
Yet despite these efforts, just one in ten consumers has heard of the data protection regulation.
That’s a shame, because this is a huge piece of legislation which will impact virtually every industry in its bid to make the region’s privacy laws fit for the digital age. As it does so, GDPR will finally put consumers in the driving seat, making it easier to protect your privacy and demand greater transparency and accountability from those who use your data.
We live in an increasingly data-driven world. Digital platforms have revolutionised the way we work and play — making us happier, healthier and more productive. But the flipside for consumers is that it has left us all increasingly helpless as our data is misused, shared, and resold around the world. If anyone is still in any doubt, just look at the recent Facebook data scandal.
Although the number of UK consumers concerned about online privacy has fallen over the past five years, it still stands at 75%, according to new DMA research. Most of us are “data pragmatists”: consumers who are willing to part with personal info, but only if there’s a clear reward for doing so. We want organisations to take more responsibility for our data, to ensure it isn’t misused and shared with countless third parties. The majority (54%) of us consider trust the most important factor when deciding whether to share personal information, and 88% of us rate transparency in data exchange as a priority.
The good news is that the GDPR has been painstakingly drawn up over several years to help drive exactly this trust and transparency — giving ordinary consumers control over their data. Even better, the regulations will still apply in the UK after Brexit.
But the law won’t have the desired impact if consumers don’t know it exists, or what their newly expanded rights are. That’s why the UK regulator, the Information Commissioner’s Office (ICO), launched a new awareness-raising campaign last month. Of those who are aware, 90% want direct control over the way businesses use their personal data and 89% want to see what data organisations hold on them, according to separate research.
It’s going to be a fascinating year ahead.
5 New Privacy Enhancements from the GDPR
With that in mind, here are the top 5 new enhancements to our privacy rights, courtesy of the GDPR:
- Marketing Consent: A common grumble consumers have is being swamped with marketing spam. Well, that’s set to change, as the GDPR makes it much easier for us to control what we receive from companies.
  You may already have seen them coming thick and fast in your inbox: many firms, including banks, insurance companies, retailers and others, will have to send explicit consent requests written in plain English.
  Perhaps most notably, a lack of response from the consumer does not indicate consent.
- Right to be forgotten/erasure: This allows individuals to request that personal data be deleted or removed in certain circumstances, such as withdrawal of consent, or when that data is no longer accurate. It could apply most significantly to providers like Google being forced to remove information on individuals from the web.
- Right to change data: Consumers can also demand organisations change and/or update any details that are inaccurate.
- Right to portability: Consumers will be able to demand that organisations provide them with all the personal data they hold on them, in order to transfer it easily to another provider. You might want to do this when changing an ISP or bank.
- Right to access: Consumers will be able to demand any organisation provide them with access to their personal data and relevant “supplementary info.”
There’s much more in the GDPR, besides the benefits listed above, that will be welcomed by consumers. For example, it also forces providers to better protect personal information from hackers and to come clean within 72 hours if they discover a data breach.
Taken together, these important new steps will hopefully usher in a new era of accountability and trust. With fines of up to 4% of global turnover, or £17 million (whichever is higher), those organisations that try to ignore it may soon find they’ve made an expensive mistake.