Interviews

GDPR ready?

by Mark Rowe

With less than 60 days to the General Data Protection Regulation (GDPR) deadline, are you ready for the change? Too much emphasis has been placed on companies and technology and not on the data subject, according to Mike McEwan, UK CEO of SaaS (software as a service) firm ICONFIRM.

It has recently been almost impossible to open a magazine or newspaper without reading something about GDPR, but with less than 60 days until the introduction of the regulation on May 25, it seems few British people and businesses are prepared for its implications. Despite the new regulations being announced two years ago and the deadline now less than two months away, there still appears to be a great deal of mystery surrounding GDPR for most British people. The theme of many GDPR stories is often negative, with a great deal of scaremongering about heavy fines for businesses over data breaches and little said about the effect of GDPR on data subjects/individuals.

To the average consumer, GDPR appears overwhelmingly complex and difficult to understand, but this doesn’t have to be the case. In fact, what most people don’t yet seem to appreciate is that GDPR offers individuals an opportunity to own their details, giving them the ability to control and even revoke consents for sharing and storing their personal data. In an increasingly data-driven digital world, the requirement to share our personal information is often a daily activity, and the general public are becoming much more familiar with requests for their details.

A 2017 survey conducted by market research company YouGov highlighted that the majority of British people still don’t understand what GDPR is and how it will affect them personally. The survey revealed that while two in five people said they had seen or heard something in the media about a new data protection regulation, almost three quarters (72 percent) hadn’t actually heard of the regulation itself. The survey also showed that more than half of British people appreciate that providing personal data is a necessary part of registering for services and products, but almost all those polled (96 percent) confessed to never reading all, if any, website terms and conditions, privacy policies and cookie consents.

News stories of data breaches in the UK and around the world make headlines, highlighting the risks when personal data falls into the wrong hands, but most people seem unaware that GDPR will assist in solving some of these issues. Just over a week ago, data analytics firm Cambridge Analytica found itself at the centre of a dispute with Facebook over the use of personal data and whether this activity impacted the outcome of the UK Brexit referendum or the US 2016 presidential election. According to data and research website eMarketer, around 34 million people in the UK are currently Facebook users, so news of misuse of personal data on this social media giant will obviously unsettle a large proportion of the population and raise awareness of the implications of oversharing personal information.

It seems that the British public often provide an uninformed market to those organisations that retrieve and hold personal data. The new rules under GDPR offer consumers a real opportunity to control their own personal information, making it incredibly important for people to understand their rights. It is important not only for individuals to educate themselves on the new regulation, but for businesses and service providers to ensure they have robust processes in place to simplify the consent process for consumers. The new regulation empowers individuals to own their personal information, ensuring that data is not processed prior to consent being given. UK businesses not only need to ensure they have policies and procedures in place to adhere to GDPR, but must also ensure all staff who deal with consumers’ personal information are thoroughly trained on its impact and on the rights of the individual.

Firstly, people should understand that the term ‘personal data’ can refer to anything that identifies an individual, including photographs, name and date of birth, home address, dependents, racial or ethnic origin, religious belief, health conditions, gender etc. Many organisations hold vast quantities of outdated, inaccurate information in databases, and the individuals concerned often aren’t even aware that the data being held still exists. Under the new regulation, organisations are permitted to hold historical data; however, GDPR introduces the much talked about ‘right to be forgotten’, which gives data subjects the right to request that an organisation delete all information held about them if it is no longer relevant. GDPR gives much greater control to data subjects, providing individuals with greater visibility of their data and the right to make a Subject Access Request (SAR). Put simply, everyone is entitled to access their personal data on request, and organisations are obligated to respond to requests within 30 days under GDPR regulations.

Whilst placing greater focus on the data subject, GDPR also offers businesses the opportunity to clear a backlog of unnecessary information and provide a better, more trusted and more secure service to their clients and customers. Under GDPR, data subject consent must be explicit, and permissions must be easily understood with the minimum use of jargon. The regulation will simplify the process and empower individuals to control their own personal data whilst also making organisations that deal with personal information more accountable for its security. There is no doubt the introduction of the regulation will present a challenge, but overall GDPR represents a very positive change for us all.

Visit https://www.iconfirm.eu/uk.


© 2024 Professional Security Magazine. All rights reserved.
