If you work in a business that processes any sort of data, you might have heard about the EU’s General Data Protection Regulations. Think of it as a sort of beefed up Data Protection Act that works for all EU citizens and British subjects (yes, even after Brexit).
We’re currently all trying to catch up with the internet – billions of bits of your data is pinging around online, being collected and processed by hundreds of companies at a size and speed that has massively outpaced data protection laws across the globe. What we’re currently seeing from many corners is a redressing of the balance between you and your data and the companies that collect and process it.
That’s why you’ll be able to link up a third-party app with your bank account to better manage your budget. It gives you control over your data. And the GDPR is another part of that movement.
But what does all that really mean at ground level?
No more marketing spam (unless you want it)
Want to sign up to a company newsletter? That’s great. But what about all those marketing emails that tempt you to break your budget?
Once the GDPR comes into force on May 25th 2018, companies must obtain your explicit consent to send you communications. They won’t be allowed to assume you agree to receive stuff from them either – you have to absolutely say yes.
If a company sends you emails without your consent, they’ll be breaking the law. Bad news for them, but good news for your inbox.
Clearer overview and insight
Companies hold loads of data on you. It’s how Netflix knows what films you’ll like; it’s why those silly adverts follow you around on every website after a single search. But do you even know what that data is?
With the GDPR, you’ll be able to see exactly what data a business holds on you – and, so long as it’s a ‘reasonable request’, you should get that information within 90 days. You can even request that a business…
- Hold the data but not process it
- Stop processing your data entirely
- Amend inaccurate data
- Delete all data – known as ‘the right to be forgotten’
By getting hold of this sort of data, you can gain a much clearer overview of how companies see you, which is pretty handy when, for example, you’re considering obtaining credit.
Take your data with you
So, we know the GDPR is all about giving you total control over your data. When the directive comes into force, you’ll have the ability to take all your data from one company and transfer it to another.
When you make a request for data portability, a business has to do two things…
- Send this information within 90 days
And
- Send it in a commonly used, machine-readable format
Which basically means, a program most computers can read, like .CSV or Excel.
That way, you can be sure that only companies you want to deal with have access to your information. It also makes it even easier to, for instance, switch accounts without losing any vital data that builds up over time.
Ultimately, with the GDPR, companies will have to be a lot more transparent with you about what information they hold on you, and how they use it. From your spending habits to the photos you post online, you’ll have that much more control, and far stronger consumer rights. Makes sense. After all, any data you provide is essentially the digital ‘you’ – and that’s worth protecting.