Open any newspaper or magazine these days and there is a good chance there will be something about the General Data Protection Regulation (GDPR) in it but with less than a month until the introduction of the regulation on 25th May 2018, it seems most British people and businesses are still unprepared for the changes.
The new regulations were announced two years ago and as the deadline nears, there still appears to be a great deal of mystery surrounding GDPR for most British people. The focus of GDPR is very much a professional rather than a public conversation with many news stories focusing on the impact the regulation will have on business and little mention of the rights of the individual. Too much emphasis has been placed on companies and technology with a great deal of scaremongering surrounding heavy fines for data breaches but not enough attention is being paid to the individuals within organisations who handle personal data and the individuals whose data is being used.
To the average consumer, GDPR appears to be an overwhelmingly complex and difficult to understand regulation but this doesn’t have to be the case. In fact, what most people don’t yet seem to appreciate is that GDPR actually provides individuals with an opportunity to own their details giving them the ability to control and even revoke consents for sharing and storing their personal data. In an increasingly data driven digital world, it is accepted that sharing our personal information is often a daily requirement and the general public are becoming much more familiar with requests for their details and GDPR will ensure the data collected is done so in a more responsible way
A 2017 survey conducted by market research company, YouGov highlighted that the majority of British people still don’t understand what GDPR is and how it will affect them personally. The survey revealed that while two in five people said they had seen or heard something in the media about a new data protection regulation, almost three quarters (72 per cent) hadn’t actually heard of the regulation itself. The survey also showed that more than half of British people appreciate that providing personal data is a necessary part of registering for services and products but almost all those polled (96 per cent) confessed to never reading all, if any, website terms and conditions, privacy policies and cookie consents. A more recent survey conducted by Kantar TNS UK earlier this year found that just 35 per cent of those polled had heard of GDPR and had little understanding of the regulation. Even as the deadline approaches, it seems the British public remain uniformed.
A real opportunity
Recent news stories of data breaches in the UK and around the world have made headlines highlighting the risks when personal data is misused but most people seem unaware that GDPR will assist in solving some of these issues. It was just a few weeks ago when data analytics firm, Cambridge Analytica found itself at the centre of a dispute with Facebook over the use of personal data and whether this activity impacted the outcome of the UK Brexit referendum or the US 2016 presidential election. According to data and research website, eMarketer, around 34 Million people in the UK are currently Facebook users so news of misuse of personal data on this social media giant will obviously unsettle a large proportion of the population and raise awareness of the implications of oversharing personal information. Many consumers continue watching the fallout online and in the news of this particular story.
It seems that the British public often provide an uninformed market to those organisations that retrieve and hold personal data. The new rules under GDPR, offer a real opportunity to consumers to control their own personal information making it incredibly important for people to understand their rights. It is important not only for individuals to educate themselves on the new regulation, but for businesses and service providers to ensure they have the robust processes in place to simplify the consent process for consumers. The new regulation empowers individuals to own their personal information ensuring that data is not processed prior to consent being given. UK businesses not only need to ensure they have policies and procedures in place to adhere to GDPR, but must also ensure all staff who deal with consumers personal information are thoroughly trained on its impact and on the rights of the individual.
Firstly, people should understand that the term ‘personal data’ can refer to anything that identifies an individual including photographs, name and date of birth, home address, dependents, racial or ethnic origin, religious belief, health conditions, gender etc. Many organisations hold vast quantities of outdated, inaccurate information in databases and the individuals concerned often aren’t even aware that the data being held still exists. Under the new regulation, organisations are permitted to hold historical data however GDPR introduces the much talked about ‘right to be forgotten’ which enables data subjects the right to request an organisation delete all information held about them if it is no longer relevant. GDPR gives much greater control to data subjects providing individuals with greater visibility of their data and the right to make a Subject Access Request (SAR). Put simply, everyone is entitled to access their personal data on request and organisations are obligated to respond to requests within 30 days under GDPR regulations.
Providing a better experience
Whilst placing greater focus on the data subject, GDPR also offers businesses the opportunity to clear a backlog of unnecessary information and provide a better, trusting and more secure service to their clients and customers. Under GDPR, data subject consent must be explicit and permissions must be easily understood with the minimum use of jargon. The regulation will simplify the process and empower individuals to control their own personal data whilst also making organisations who deal with personal information more accountable for its security. There is no doubt the introduction of the regulation will present a challenge but overall GDPR represents a very positive change for us all.
Mike McEwan, UK CEO, ICONFIRM
Image source: Shutterstock/Wright Studio