THE AGE OF CONSENT IS UPON US.
Did you know the GDPR from the ICO is to replace the DPA 1998?
Don’t you just love the way governments make policies so attractive and easy to digest?
Concerned with those little tick boxes that do their very best to ensure you allow them to sell your data to very devil himself by use of phrases like “please untick this ticked box if you do not want us to not share data with anyone who will pay us for it”? This passive acceptance model and many other tricks to take and share / sell your personal data is at long last about to be changed and for once in your favour!
For 20 years we have been covered by the Data Protection Act, due to the drastic changes to the way our personal data is accessed and shared the EU have spent 4 years drafting the new General Data Protection Regulation in order to provide two things.
Firstly, the EU want to give you more control over how your personal data is used. Did you know for instance that Google and Facebook, two separate companies, regularly share their data on you in exchange for use of their services and sell on to the highest bidder, maybe the reason why they are multi-billion USD companies? The new legislation is designed to strengthen data protection legislation and introduce tougher enforcement measures.
Secondly the EU aims to provide businesses a simpler, more transparent legal environment in which to operate and to make the laws on data protection the same throughout the single market, providing an estimated saving of over 2 billion euro (about £2bn at the new exchange rate).
More rights for you – you will have the right to demand that your data is deleted under a new “right to be forgotten” rule, if the data is no longer necessary for the purpose it was collected for or if you decide to withdraw consent, something that is almost impossible to force organisations to do currently.
You will remember the recent massive data breaches like BT Yahoo where 1 billion accounts were breached in 2013 but not reported until 2016? Under the new rules any breach must be reported to the ICO within 72 hours and the people whose data was breached must be notified, detailing the potential consequences and the measures taken or plan to take.
Punishment – if they do not meet the 72-hour deadline they risk a fine of up to 10m Euro or 2% of annual turnover. If they contravene the basic principles such as consent these penalties can DOUBLE!
This is all very good news for you, the person whose data has been used purely to make profit for large corporates and many other smaller spurious groups. And so poorly secured by them that billions of us have been adversely affected by their cavalier attitude and many have lost all their savings. But we are leaving the EU? Yes, but this law will come into effect before we leave. So let’s hope that we decide to keep it in place?
If you are a business, regardless of size, these new rules will apply to you and the way you handle data. Due to the huge fine you could face you really need to get on board. I have produced a crib sheet for you that will help. Please email me and request.