GDPR – what you need to know
With GDPR coming into effect in May, do you know all you need to about it? We’ve got all the essential info in this post.
As of May 25th, the EU are bringing in new data regulatory standards to make the internet a fairer place for everyone – especially us users. Whilst we may be leaving the European Union, these data standards still apply to us – both UK residents and businesses. If you aren’t too sure what the new GDPR means for you, there’s some key information you need to know.
In this post, we’ll be explaining all you need to know about GDPR – including what it is, how it affects you and more. Whilst the document for GDPR is lengthy, we’ve taken the liberty of sifting through it and drawing out all the important points to highlight within this post. This is what you need to know about GDPR.
GDPR – what is it?
GDPR stands for the General Data Protection Regulation, and it’s a new law that will affect how a user’s data is processed (users are people who provide personal data to companies in exchange for their services). Take Facebook, for example: when you sign up to use their ‘free’ service, their terms and conditions state that your information will be used for targeted ads, third-party sites and more. However, with the new GDPR coming into effect, you will have to consent to this information being used.
Before the GDPR, there would be no option to opt in for your data to be used by Facebook. The ongoing Facebook and Cambridge Analytica scandal is a prime example of the misuse of personal data. In this, personal data was passed on by Facebook, without users’ consent, to Cambridge Analytica – consultants for UK elections.
However, with the new regulatory standards coming into effect, a scandal as big as this should not happen again – and if it does, there will be some hefty fines tagged on. Breaching the regulations can cost businesses €20 million or 4% of their annual global turnover – whichever is greater. When GDPR comes into effect on May 25th, it will replace the current Data Protection Act of 1998.
The GDPR is about allowing users’ data to be treated more fairly by companies. This means that there will be a new level of transparency between data collectors and users, so you’ll know exactly what your data is going to be used for and why.
Why is the GDPR coming into effect?
With huge companies such as Amazon, Google and Facebook holding so much of our personal data, steps need to be taken to ensure that events like the Cambridge Analytica and Facebook scandal won’t happen again.
Because of the rate at which the internet has grown in the past 20 years, the lawmakers haven’t been able to keep up. And as the data usage information has always been hidden in the lengthy terms and conditions, no laws were broken – technically. But now with the GDPR, companies must provide a clear ‘opt in’ option as opposed to the current ‘opt out’. Companies are updating their websites and systems to ensure that your data is not held if you don’t wish it to be.
Every user has the right to request to be forgotten, which means, in certain instances, your data must be deleted and not used again until you opt in to services. We’ll go into more depth about what the GDPR means for users further on.
What the GDPR means – for businesses
From a business perspective, the GDPR means that your personal data will no longer be allowed to be used by companies without purpose. Users must choose to opt in, in order to agree that their data can be used. This applies to targeted ads on social media networks, as well as the way your data is kept – e.g. deleting your data if it’s no longer being used for a purpose. Most businesses should have adapted their websites and systems to meet the new GDPR or will have to by May 25th. Larger companies will have hired a data protection officer to oversee and ensure that all the GDPR standards are met within an organisation.
The data needs to be used by these businesses lawfully, in a transparent way and with purpose. So, this means that your data will be used legally (obviously), and in a way that you will be fully aware of – should you read the terms and conditions. Finally, your data can be kept with purpose by businesses (data controllers), and should you ask for it to be deleted and removed, it must be.
What the GDPR means – for users
As a user, your data will be treated more fairly by companies. Most of all, you’ll have the choice to opt in to your data being used and collected, and, as we’ve mentioned, you will have the right to be forgotten by data controllers – and have your data permanently deleted. This means your data won’t be kept on file for years on end, and you won’t receive emails from companies a year on.
Like we’ve said, it’s about having your data treated more fairly by companies and data holders. Personal data under GDPR will now consist of your IP address and your mobile device identity as well – two of your online identifiers. The terms and conditions won’t be as long and what your data is being used for must be explicitly declared, and not hidden within the T&Cs.
Other Resource: https://digitalguardian.com/blog/what-does-gdpr-mean-for-you
Online Data Collectors
Many sites and services have begun updating their T&Cs, as well as taking the steps to ensure that their collection of user data is in line with GDPR. As we’ve mentioned, Facebook has started informing users what their data will be used for. If a data controller, such as Facebook, is the victim of a security breach that compromises users’ data, then the controller must inform the authorities within 72 hours. The company must also inform users of the data breach if the stolen data poses a high risk to their freedoms or rights – such as identity or financial fraud. The new policies of the GDPR mean that online data controllers must ensure that their security systems are always up to date, as well as complying with the standards set by the GDPR.
This means that data must be controlled and regulated by a data officer, as we’ve mentioned. Their job will consist of making sure that users’ data is handled properly, and that the company or business is compliant with GDPR legislation. This also means that big businesses will need to ensure that they have data processing registries in place – to make sure data is handled fairly, kept on record for necessary purposes and completely removed at any time the user wishes to opt out. So, every business needs to comply by enlisting a data officer or handling your data themselves – they must comply with the GDPR standards in order to avoid huge fines and loss of business too.
Leaving the EU
With the UK set to leave the EU, some users and data controllers may think that EU legislation will not apply to us. They are incorrect. As long as a business has users based within the EU, they must comply with the regulatory standards of the GDPR. Companies based in the US with UK customers will have to be compliant with GDPR, to ensure that users’ data is treated fairly and used legally and with purpose, and that users are fully aware of what their data is going to be used for. The GDPR applies to UK businesses and users – no matter if we’re in the EU or not.
Other Resource: https://www.varonis.com/learn/what-is-eu-gdpr/
Whilst this has been a lengthy post, we’ll outline the key points in this paragraph – so the information laid out is clear. As a user, you’ll be entitled to know the following about your data:
- Where your data will be used – which companies will see it
- Why your data will be used – what is the purpose of keeping your data on record
- The right to opt out – you can decide that a company should delete and erase your data at any time
- If your data is no longer being used for a purpose, it must be deleted
- Companies that don’t comply with the GDPR will face huge fines
- Businesses must fully disclose what data is used for, and not hide it in terms and conditions
- We are still affected by the GDPR, even when leaving the EU
- The GDPR replaces the Data Protection Act of 1998
For more information on the GDPR, you can read the full document online or read our article “GDPR – What you need to know”. GDPR is about making sure our data is treated more fairly by big companies and businesses. For anything that involves providing your personal data online, check that the company is compliant with GDPR standards.