Modern companies can collect and store personal data online in ways that were scarcely imagined just thirty years ago, and the new law is an important step forward in regulating and controlling access to this information.
What’s So Different?
The GDPR hands control of personal data back to the consumer. Businesses and other organisations must obtain specific, clearly worded consent before collecting or storing data on an individual. Customers can also request a copy of their personal file, and by law the organisation must comply, free of charge, within 30 days. Additionally, customers can revoke their consent or even request that their personal data be deleted, although this ‘right to be forgotten’ is subject to some exceptions.
While individuals have more rights under the GDPR, companies also have more responsibilities. Personal data must be kept confidential and secure, and cyberattacks or data breaches must be reported within 72 hours of the company becoming aware of the problem.
The GDPR is Here to Stay
UK citizens and companies may wonder why they should worry about an EU law with Brexit just around the corner. First, the GDPR claims privacy jurisdiction in a whole new way. Companies processing personal data on EU citizens must comply with the regulation regardless of where they are physically located, or face hefty fines, up to £17.5 million or four percent of the company’s profit. After Brexit takes effect, UK companies that hold or process data on EU citizens will need to comply with the law. Second, the UK’s new Data Protection Bill is expected to ensure the same GDPR protections for all UK citizens even after Britain leaves the EU.
The current inundation of privacy notices and consent requests may seem daunting, but remember they are designed to give you more rights and control over your own personal data. Contact ReputationDefender for more information on how these new rules can be used to help manage or rebuild your reputation.