I expect everyone has experienced the annoying calls and emails asking if you have been involved in an accident, or telling you that you are entitled to something, even though neither has taken place. Well, none of this has been done by breaking any laws! But these companies have obtained your information by some means or other. GDPR should tighten up on this.
One of the key points from the 25th May 2018 onwards is that consent must be freely given, specific, informed and unambiguous. It cannot be buried in lengthy terms and conditions.
This will make it much harder for marketers to establish that they have the requisite permissions, which is why your inbox has probably been “spammed” recently with emails asking for your consent to continue receiving messages. The benefit moving forward is that it also needs to be just as easy to opt out of these as it is to sign up for them.
How will the company achieve this?
Most of the public and private organisations that hold such data will be required to appoint a Data Protection Officer. The task of the DPO will be to monitor compliance with the law and to provide education and training to staff, as well as conducting internal audits and making sure things are in a good place. The DPO will also be the first point of contact for the authorities; I will touch on these later as well. They will also be the point of contact for any of the people who have their data processed. This does not stop at the employees; it includes the customers too. The interesting thing here is that the DPO must be given the resources to carry out these functions and must have direct access to the top of the management tree. Over the next few years, with data becoming extremely important, the DPO role is going to be really important for all.
Who is responsible for making sure everyone adheres?
For the UK at least, this is Elizabeth Denham, Information Commissioner for the United Kingdom. Elizabeth is also the Chief Executive Officer for a 500+ person independent regulatory agency enforcing data protection and freedom of information law. She appeared recently on the BBC and was asked some interesting questions in regard to the GDPR coming into effect.
“We will have more powers to stop companies processing data, but we only take action where there has been serious and sustained harm to individuals,” she explained.
“What this new fining power gives us is the ability to go after larger, global and sometimes multi-national companies where the old £500,000 fine would just be pocket change.”
She added that she accepted that some companies will need time to become fully compliant.
“The first thing we are going to look at is, have they taken steps, have they taken action to undertake the new compliance regime,” she added.
“Do they have a commitment to the regime?
“We’re not going to be looking at perfection, we’re going to be looking for commitment.”
Large fines will be reserved for the most serious cases, she said, when a company refuses to comply voluntarily.
This is why I mention that if you are only now getting around to looking into this, and it affects your business, then it's not too late. But you need to welcome it, because the world is changing to be more aware of data and, more importantly, of personal data and how it is used.
Let’s try and summarise
All those companies that have been holding your data, emailing you privacy updates and even calling you will be obligated to clearly inform people about why they are collecting personal data, how it is going to be used and, if it's going to be shared, who with. This is the reason I personally think this is a step in the right direction for data: it means it's going to make our personal data safer, and it puts more control in our hands as to what we want companies to do with it. Unfortunately, this is not going to be an easy switch for all companies and there will be teething pains, but it's a must in my eyes.
For the British people reading who think this will all go away after the United Kingdom leaves the European Union: nope! The UK government has made it very clear that they will remain signed up.
Like I said, I am all in favour of this, and I do hope that the rest of the world takes note and also becomes regulated in a similar way. I am also really pleased to know the company I work for is adhering to this regulation.