A year today the UK’s Data Protection Act will cease to be.
On May 25th 2018 the biggest change to our data protection law in 20 years will kick in. The General Data Protection Regulation, better known by its acronym GDPR will be its replacement.
The GDPR will expand and extend the current data protection requirements for anyone processing personal data and will give you, the data subject, a raft of rights to put you a little more in control of when, how and why your data should be used.
The GDPR will apply to every EU Member State, every EU citizen and any organisation which provides a service or goods to an EU citizen.
Regardless of Brexit, the UK will be formally enacting and applying GDPR next May. It is anticipated that in the post Brexit landscape it will find itself a part of the Great Repeal Bill, any changes which were to be made to the Regulation at that point would have to ensure the UKs adequacy in terms of data protection. But that is some way off. For now, simply learning what the GDPR is will be a good start.
Whilst most of the detail in the Regulation is for business to address, there are key rights which will benefit the individual, these come in the form of 8 specific data protection rights:
- The right to be informed
- The right to access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights relating to automated decision making and profiling
These rights will enable us to have more control over how our data is used. They will give us the right to request that inaccurate personal data about us is amended or removed. We will get the opportunity to specifically say no to targeted marketing, to our date being used to profile us and to question how automated decisions based on our data have been made- imagine this as a challenge to the “computer says no” process so many people find frustrating and worrying.
Companies will have to specifically seek our consent to access, keep and share our personal data and if they want to use it for a new purpose they will have to come back and ask our permission all over again. Not only that, but organisations will have to produce impact assessments outlining transparently how they intend to use our data.
These are just some of the opportunities and benefits in the GDPR. Importantly, for the GDPR to work and for organisations to adhere to the new rules people will have to begin to take greater care of their data, challenge who they share it with and question whether an organisation is going to treat their data properly. If an organisation doesn’t fulfil these requirements, citizens must feel brave enough to say no and look elsewhere.
The age of trusting everyone with our data is long over. This has been acknowledged by the GDPR. Whilst the new Regulations are far from perfect they are a good starting point. The GDPR will educate every one of us that we have an individual and collective responsibility towards protecting personal data.
Over coming weeks Big Brother Watch will be publishing a series of GDPR Factsheets designed to explain simply what the GDPR is, how it will work and what your rights will be. We will announce them on our website, Twitter and Facebook page. In the meantime if you have any queries about the GDPR we would recommend you visit the Information Commissioner Office www.ico.org.uk where you will find an overview of the new laws.