The GDPR and You
Have you ever heard about GDPR? No? Well, you may have heard of the Data Protection Act 1998 (DPA). This piece of UK legislation is there to protect your personal data, which may be kept by different companies, services and government departments. For example, you may have cable TV and bank accounts, and use many more companies in the course of your daily activities. All of these companies will need to hold and use information about you – where you live, how old you are, what you like, etc. – in order to service and deliver what you request. The DPA ensures that they only keep what is necessary for them to do their job, that they keep what they do hold securely, and that they dispose of it, when required, in a responsible manner.
The DPA is about to morph into the very new General Data Protection Regulation (GDPR), a more relevant law for today, which aims to protect both the consumer and the service provider. We are all consumers, so the changes to data protection affect us all, whether we want them to or not.
When does it affect me?
The DPA has been operating for many years; however, the new changes introduced by the GDPR will become active on the 25th May 2018. If you are solely a consumer, and you don’t handle anyone else’s data, you should still know what the new law will protect you from and what you can do about things if someone loses your details.
As we said earlier, we are all affected by GDPR, regardless of our opinion, and all of the companies and government departments which you come across in your daily life are required to comply with the law. For you, this means:
- Any company, organisation or department has to ask for your permission to store any of your personal data. By this we mean anything which can be used to identify you – your name, date of birth, ethnic minority, address etc.
- If a particular piece of information about you isn’t relevant to the service you are receiving, the company should not be holding it.
- The company or organisation holding the data should not take unnecessary risks with your data, share it, or use it for anything other than what you originally agreed to. For example, if they use your email address to add you to a mailing list when you haven’t agreed to it, they are misusing your data. However, if they need to appoint a Data Processor to deliver the service you have agreed to, this is acceptable as long as the Data Processor works within the rules defined by the company holding your data.
- If you haven’t given them permission, by opting in for instance, then they shouldn’t be using your data.
What can I do if I think my data has been misused?
As a consumer, you are entitled to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel that your data has been misused or lost. You can contact them via www.ico.org.uk or call 0303 123 1113. If someone who holds your data has had a serious data breach, they should contact you directly to inform you, and advise you of the actions which they are taking as soon as possible after the breach. They should report any incidents to the ICO within 72 hours of them becoming aware that the incident has happened.
It does sometimes happen that a data controller hasn’t reported a breach to the ICO. In these instances, as soon as you are aware of the leak, inform the ICO immediately and they will take it from there. They are keen to stop the larger companies ignoring the law, but they also understand that the smaller incidents can be just as damaging to the victims.
How can I learn more?
If you would like to know what data any organisation holds about you, you are entitled to copies; however, under the DPA the data controller (the organisation which holds your data) can charge you an administration fee of no more than £10 for retrieving this. Once GDPR is enacted the data controller will no longer be able to charge you an administration fee.
We have more articles about GDPR on our website. Follow our link https://www.smartertechnologies.co.uk/tag/gdpr if you would like to know more.
We, at Smarter Technologies, are working towards improving security for all our clients and we take customer privacy very seriously. Get in touch with us if you would like to give your company and clients the best protection around.