GDPR: the phrase of 2018, we look at the data protection regulation basics
Walking through Covent Garden yesterday, while upping my daily step count, I overheard a snippet of a phone call between an exasperated businessman and what I can only assume was a colleague of his. To quote “I don’t know what this means Martin, all I know is that they’re changing all of the bloody data protection rules!”
2018 has arrived and people still aren’t clued up about GDPR.
While officially it might be the Chinese year of the dog, unofficially, it’s the year of the GDPR. And those “bloody data protection rules” come into effect on May 25. Judging by bizman and Martin’s conversation, some people need a GDPR reminder. So, here’s CitizenMe’s brief guide to the legislation, for those who want a refresh, a concise summary, or an introduction to it as a whole.
What is GDPR?
The General Data Protection Regulation, or GDPR, is the new data protection legislation. It has been created (primarily) to give individuals more control over their personal data. The regulation means that citizens will have more rights when it comes to organisations using their info.
Currently, when it comes to handling and using personal data, the regulations we have in place favour organisations. Among the main beneficiaries of the existing legislation are data brokers, such as Experian. Over the years, they have been allowed to collect digital data on millions of people without any consent being given. They then sell it on for huge profits. The new law means that companies will now have to be much more transparent, which is great for citizens. Businesses will now have to explicitly seek an individual’s permission to use their personal information for each use case.
The regulation also makes it not-so-easy for non-EU businesses
GDPR won’t just apply to European businesses, but to any company that uses the personal data of EU citizens. This means brands across the globe will also have to comply. As well as protecting the use of citizens’ data, the regulation also means that organisations have a responsibility to protect the data that they hold.
Prior to GDPR, information such as names, contact details, banking information, and social profile information could easily be passed on to other departments & organisations, and used without consent. Yes, this will have created efficient processes for businesses, but it won’t have made for a pleasant experience for citizens.
What does the GDPR mean for citizens?
There are eight key points for citizens to note when it comes to their data:
| Right | What it means |
| --- | --- |
| The right to access | Citizens can request a copy of the data that organisations hold on them and details of how it is being used. |
| The right to be informed | Companies must make citizens aware that they are going to collect data about them before the collection takes place. Data subjects (everyone) must give their explicit consent for their data to be collected. |
| The right to erasure | People can withdraw consent and have their data deleted if they cease to be customers. |
| The right to restrict processing | Restricting processing means that a citizen can allow a company to keep their data but will not allow it to be used. |
| The right to data portability | Individuals will have the right to transfer a digital copy of their data from one service provider to another. Organisations will be legally obliged to provide this information. |
| The right to object | Citizens will be able to object to their data being processed for direct marketing purposes. Processing must cease as soon as a company receives the request from a citizen. |
| The right to rectification | This allows people to have the information held about them corrected if it is out-of-date or incorrect. |
| Rights related to automated decision making and profiling | If any business decisions involve automated decision-making and profiling, people will have the right to: |
Will my business be affected?
Almost definitely. Any company that controls or processes data within the EU is bound by the GDPR, whether they are based in the European Union or not. There are massive penalties for failure to comply, with fines of up to €20m or 4% of a company’s annual global revenue – whichever is greater. Yep, you read that right. Marketing teams are likely to feel the most pressure from the regulation. Consent will now need to be granted by an individual for each specific instance in which their data is used. It’s important to remember that this regulation applies to all the data that a company currently holds. Even if you have had someone on your mailing list for 10 years, come May 25 you will need to ensure that they have explicitly opted in to that list before you contact them.
See the positives of enhanced data protection
At CitizenMe, we think this is a great piece of legislation that will empower citizens, and help create stronger relationships with brands. Transparency is key. Organisations will get more respect and loyal customers by being open and honest with them. They should view GDPR as a great starting point to create stronger, more trusted relationships that can improve brand perception. Companies that treat it as a threat will struggle to flourish in the digital age. And if you haven’t already, get creating your strategy – fast!