General Data Protection Regulation (GDPR)
On the 25th of May 2018, the new GDPR regulations became law. These new laws replace existing laws and are designed to protect the rights of EU citizens.
The new General Data Protection Regulations are designed to protect all of us. For years personal data has been misused by organisations both legitimate and criminal. The so-called legitimate businesses typically buy and sell personal data, and use it for marketing purposes including traditional mail campaigns, telephone marketing and unsolicited commercial email (SPAM).
The gathering of information has often been underhand and dishonest using techniques like having a default setting on a web page and making the user opt-out rather than opt-in. Options to share data with “trusted partners” means selling personal data to the highest bidder.
GDPR is designed to stop all that. Users will have to opt-in to sharing their data; companies won’t be able to assume one opt-in means the user has opted into sharing all their data for life. Companies will have to disclose if asked what data they have stored about an individual. They will have to delete it if requested.
However, these new regulations are going to be a legal minefield of conflicting interests. There are going to be many conflicts where tax law and GDPR conflict and where the practicalities make compliance very difficult.
Companies will also be responsible for keeping data safe. We have all seen stories in the news where government agencies or the police have lost data by leaving a laptop on a train or having it stolen from a car. Laptops and memory sticks are especially vulnerable and need to be encrypted.
Corporate lawyers will be rubbing their hands as this will make some of them even wealthier.
Criminals won’t take any notice of this anyway as most of them operate outside of Europe and they are criminals after all. So don’t expect the SPAM and marketing materials to stop.
On the upside, the system of fines is not designed as a first resort to ensure compliance. It seems unlikely the government will have the resources to enforce this on day one, if ever.
Visit the official EU GDPR website
For help with GDPR compliance
Please use the Contact us page or call us on 01525540041 or 02033271747