Users’ guide to new law protecting your information
FACEBOOK recently found itself up to its neck in the Cambridge Analytica scandal, with boss Mark Zuckerberg ending up in front of US lawmakers.
At the centre of it all was misuse of people’s personal data and invasions of privacy.
But in weeks the whole personal data game will change with a new piece of legislation.
The General Data Protection Regulation comes into force in Europe on May 25 and confusing emails about it are already filling inboxes nationwide.
GDPR affects any company or organisation which processes the data of any EU citizen and applies whether or not that company is based in the EU. So this means Google and Facebook, too.
And it is unaffected by Brexit – the Government is implementing the Data Protection Bill, which largely mirrors the GDPR.
While the law is large and complex, importantly it gives individuals more rights to information held about them, as well as control over how their data is used.
Here is everything you need to know about the GDPR.
Who does the GDPR affect?
Practically everyone. If you have signed up to any kind of online service, whether it is a Clubcard from Tesco or a Gmail account from Google, you will be covered by the new legislation.
The only people whose data it does not cover are the deceased.
It is not just about being online, either. People who do not use the internet are still covered as their data may be processed so they can receive letters or magazine subscriptions through the post.
Furthermore, if you are an employee, you will have certain rights because the company you work for is processing your data in order to pay your salary, provide you with equipment or know where you are during work hours.
Any firm with employees will have to make them aware of when and how their data is being used.
What does it mean for me?
First, you can expect to be told more about how your data is being used. Second, you can request access to it and ask for copies of it, or have the entire process stopped.
What’s more, firms have to be clear and transparent about everything, which is why you might be getting a flurry of emails asking you to tick boxes to give your consent for use of your data. You may also see new icons pop up on your mobile phone to indicate that you are agreeing something will need to process data, such as your email address, phone number or even your location. For example, on an iPhone, you will now see a small blue icon of two people shaking hands; Apple’s way of telling you a feature needs access to your information.
Why is it so serious?
Part of the reason companies are taking such notice of GDPR is that the fines involved for noncompliance are gigantic.
For the most serious breaches, regulators will be able to issue penalties equivalent to up to 4% of annual global turnover or €20million; whichever is greater. For giant companies, these fines could run into hundreds of millions of pounds.
Will it make a difference?
It already appears to be. Many large technology and internet companies have begun the process of making their data practices more transparent.
Both Facebook and Twitter have been rolling out updates to their privacy policies, adding clearer