It is virtually impossible to open a magazine or newspaper recently without reading something about GDPR but with little over a month until the introduction of the regulation on 25th May 2018, it seems few British people and businesses are prepared for its implications.
Despite the new regulations being announced two years ago, there still appears to be a great deal of mystery surrounding GDPR for most British people. The noise surrounding the regulation is often negative with a great deal of scaremongering surrounding heavy fines to business for data breaches and little said about the effect GDPR will have on real people – the data subjects.
To the average consumer, GDPR appears overwhelmingly complex and difficult to understand but this doesn’t have to be the case. In fact, what most people don’t yet seem to appreciate is that the new regulation offers an opportunity to individuals to own their details giving them the ability to control and even revoke consents for sharing and storing their personal data. In an increasingly data driven digital world, the requirement to share our personal information is often a daily activity and the general public are becoming much more familiar with requests for their details.
A 2017 survey conducted by market research company, YouGov highlighted that the majority of British people still don’t understand what GDPR is and how it will affect them personally. The survey revealed that while two in five people said they had seen or heard something in the media about a new data protection regulation, almost three quarters (72 percent) hadn’t actually heard of the regulation itself. A more recent survey conducted by Kantar earlier this year found that just 35% of those polled had heard of GDPR and had little understanding of the regulation. Even as the deadline approaches, it seems the British public remain uniformed.
News stories of data breaches in the UK and around the world make headlines highlighting the risks when personal data falls into the wrong hands but most people seem unaware that GDPR should help in avoiding some of these issues. Just a few weeks ago, data analytics firm, Cambridge Analytica found itself at the centre of a dispute with Facebook over the use of personal data and whether this activity impacted the outcome of the UK Brexit referendum or the US 2016 presidential election. According to data and research website, eMarketer, around 34 Million people in the UK are currently Facebook users so news of misuse of personal data on this social media giant will obviously unsettle a large proportion of the population and raise awareness of the implications of oversharing personal information.
It seems that the British public often provide an uninformed market to those organisations that retrieve and hold personal data. The new rules under GDPR, offer a real opportunity to consumers to control their own personal information making it incredibly important for people to understand their rights. It is important not only for individuals to educate themselves on the new regulation, but for businesses and service providers to ensure they have the robust processes in place to simplify the consent process for consumers. The new regulation empowers individuals to own their personal information ensuring that data is not processed prior to consent being given. UK businesses not only need to ensure they have policies and procedures in place to adhere to GDPR, but must also ensure all staff who deal with consumers personal information are thoroughly trained on its impact and on the rights of the individual.
Firstly, people should understand that the term ‘personal data’ can refer to anything that identifies an individual including photographs, name and date of birth, home address, dependents, racial or ethnic origin, religious belief, health conditions, gender etc. Many organisations hold vast quantities of outdated, inaccurate information in databases and hard copy filing systems and the individuals concerned often aren’t even aware that the data being held still exists. Under the new regulation, organisations are permitted to hold historical data however GDPR introduces the much talked about ‘right to be forgotten’ which enables data subjects the right to request an organisation delete all information held about them if it is no longer relevant.
Whilst placing greater focus on the data subject, GDPR also offers businesses the opportunity to clear a backlog of unnecessary information and provide a better, trusting and more secure service to their clients and customers. Under GDPR, data subject consent must be explicit and permissions must be easily understood with the minimum use of jargon. The regulation will simplify the process and empower individuals to control their own personal data whilst also making organisations who deal with personal information more accountable for its security. There is no doubt the introduction of the regulation will present a challenge but overall GDPR represents a very positive change for us all.