The 1998 Data Protection act came into place as a way to control the way personal information was handled and give rights to those who had data stored about them. Since then, technology has advanced dramatically giving rise to a new wave of companies hoarding valuable data that can be used in a multitude of ways–often illegally.
But a new change is coming that aims to put a stop to any potentially illegal practices or accidental mishandling of data.
As part of an EU directive, the laws surrounding data protection will become a lot more stringent in an attempt to protect user’s rights properly and put any wrongdoing that has been shown to still be prevalent.
The General Data Protection Regulation or “GDPR” is the name given to the new regulations that will govern all European Union members and anyone that chooses to conduct business with them.
The main purpose of these new GDPR rules is to give control over personal data back to the user and simplify the regulatory environment for international business by unifying the regulations within the EU.
What this means for you:
You are the controller and owner of any personal data that is stored on you and therefore have the right to request access to said data. Companies will be required to give you access to all of this information within one month or face potential fines.
You will also have the right to request that your information is deleted if it is no longer necessary for the purpose of why it was collected in the first place.
Your rights are also protected under this law if a data breach was to occur. These new regulations will make it easier to file a claim against the company if your data is mishandled or wasn’t sufficiently secured in compliance with GDPR standards.
What this means for businesses:
If your business handles personal data, then you must protect yourself in full compliance with the law.
There are lots of different services that you can make use of that help to make you compliant and aid in protecting you in the event of a data breach.
For those who handle extremely sensitive information such as lawyers and doctors, the importance of ensuring compliance should be number one on your priority list as the fines for mishandling personal information in these circumstances can have extremely serious consequences
Consent must also be given to you by the data controller that you are legally allowed to hold and use this information.
If a company is found to have mishandled or not protected a user’s personal information to the full standards of the law then stringent penalties will be enforced to prevent the same practice from happening again.
The fines vary in severity from written warnings and regular audits to as much as 4% of a company’s global annual turnover.
These fines are hefty and could have a serious impact on a company’s future if they were to be enforced in the instance of a data protection crime. They are however a necessary addition to the law in order to act as a deterrent to those who may choose not to consider citizens' rights when conducting business.
GDPR comes into place on May 25th, 2018 and up to this point, businesses have been given plenty of time to prepare themselves to be compliant. With these new regulations, the hope is that companies will be dissuaded from illegal practice and will consider the rights of users much more seriously.