What is GDPR and how does it affect me?
The General Data Protection Regulation will be coming into effect on May 25th
The General Data Protection Regulation (GDPR) is coming into effect on 25th May 2018, but what is it and how will it affect you?
What is GDPR?
The GDPR is a regulation that will give greater rights to consumers regarding their personal data and how companies use it. Personal data can include your name, where you live, your gender, your job or education, and other information about who you are. It is replacing the current data protection laws in the European Union.
When GDPR comes into effect, companies will have a greater obligation to protect the personal information that they have gathered about you.
Organisations will be required to be completely transparent about why and how they use data, and they must provide information about how they are safeguarding personal data.
Individuals will have the right to be provided with copies of what information a company has about them, and they can have their data erased if they so wish.
Under this new law, the Data Protection Commissioner (DPC) “will be able to fine organisations up to €20 million (or 4% of total global turnover) for the most serious infringements” if they do not comply with the regulation.
Rights for individuals
Under the GDPR, individuals will be given the right to:
- Access information about how your personal data is processed
- Access personal data held about you
- Ask for incorrect, inaccurate or incomplete personal data to be corrected
- Request personal data to be erased if it’s no longer needed
- Object to the use of your personal data for marketing purposes
- Request the restriction of the processing of your personal data in specific cases
- Access your personal data in a machine-readable format and send it to another controller (‘data portability’)
- Request that decisions based on your personal data is made by a real person, not only by a computers.
What to expect over the coming weeks
Before GDPR comes into effect, organisations are required to contact people and make them aware of the changes they are making to their data protection policy.
Companies are in the process of updating their privacy policies and T&Cs to ensure they’re clearer, more precise and use plain language we can all understand.
People should expect to be receiving emails from any organisation that they have given their information to, highlighting to them what will be happening and how they can change the permissions that the company has in regards to their data.
The Data Protection Commissioner has created a website specifically to provide information about GDPR and how it will affect both individuals and organisations. The website can be found here: gdprandyou.ie