GDPR — Why All Those Privacy Policy Updates Are Actually a Good Thing

Have you been wondering why your inbox is suddenly so full of emails from companies informing you about updates to their privacy policy? If so, you’re not alone. The EU’s new personal data privacy policy, the General Data Protection Regulation (GDPR), went into effect on the 25th of May this year, replacing the old 1995 directive which had become out of sync with the needs of today’s internet users.

Modern companies can collect and store personal data online in ways that were scarcely imagined just thirty years ago, and the new law is an important step forward in regulating and controlling access to this information.

What’s So Different?

The GDPR hands control of personal data back to the consumer. Business and other organisations must obtain specific, clearly worded consent before collecting or storing data on an individual. Customers can also request a copy their personal file, and by law the organisation must comply, free of charge, within 30 days. Additionally, customers can revoke their consent or even request that their personal data be deleted, although this ‘right to be forgotten’ is subject to some exceptions.

While individuals have more rights under the GDPR, companies also have more responsibilities. Personal data must be kept confidential and secure, and cyberattacks or data breaches must be reported within 72 hours of the company becoming aware of the problem.

In the two years since the law was passed by the European Parliament, companies have been reviewing and updating almost every part of their data collection process, from consent forms, to data storage, sharing practices, and detection of hacking attempts or breaches. The new privacy policy in your inbox likely represents much more than a simple rewrite. It’s the result of technological and procedural updates that affect almost every aspect of the system.

The GDPR is Here to Stay

UK citizens and companies may wonder why they should worry about an EU law with Brexit just around the corner. First, the GDPR claims privacy jurisdiction in a whole new way. Companies processing personal data on EU citizens must comply with the regulation regardless of where they are physically located, or face hefty fines, up to £17.5 million or four percent of the company’s profit. After Brexit takes effect, UK companies that hold or process data on EU citizens will need to comply with the law. Second, the UK’s new Data Protection Bill is expected to ensure the same GDPR protections for all UK citizens even after Britain leaves the EU.

The current inundation of privacy notices and consent requests may seem daunting, but remember they are designed to give you more rights and control over your own personal data. Contact ReputationDefender for more information on how these new rules can be used to help manage or rebuild your reputation.